tag:gpgtools.tenderapp.com,2011-11-04:/discussions/problems/28172-ssh-yubikey-neo-smartcard-gpg-agent-simple-setupGPGTools: Discussion 2015-01-16T18:34:01Ztag:gpgtools.tenderapp.com,2011-11-04:Comment/348846992014-10-08T18:20:48Z2014-12-11T19:18:58Zssh, Yubikey NEO smartcard, gpg-agent - simple setup<div><p>1.0.2 build 602</p>
<p>ssh public/private key authentication, with the private key
stored on a smartcard. The card is actually a Yubikey NEO. I am
using gpg-agent to plug the gap between ssh and the smartcard. I am
following this howto for the most part, which seems to work pretty
well:</p>
<p><a href=
"http://25thandclement.com/~william/YubiKey_NEO.html">http://25thandclement.com/~william/YubiKey_NEO.html</a></p>
<p>Other relevant links:</p>
<p><a href=
"http://www.yubico.com/products/yubikey-hardware/yubikey-neo/">http://www.yubico.com/products/yubikey-hardware/yubikey-neo/</a></p>
<p><a href=
"http://forum.yubico.com/viewtopic.php?f=26&t=1171">http://forum.yubico.com/viewtopic.php?f=26&amp;t=1171</a></p>
<p>The howto claims your smartcard remains tied to the ~/.gnupg
keyring on the machine where you've generated the keys. I think
that's not true. Reading this howto...</p>
<p><a href=
"https://blog.habets.se/2013/02/GPG-and-SSH-with-Yubikey-NEO">https://blog.habets.se/2013/02/GPG-and-SSH-with-Yubikey-NEO</a></p>
<p>...it became apparent that I only need the smartcard, and a
working gpg-agent, and I could run ssh on any machine. This is what
I would expect, since the private key is stored on the smartcard,
so why should I care about the keyring?</p>
<p>The only problem is, the second howto shows how to run ssh in a
wrapper script with gpg-agent. Is there a more direct method?
Basically, what I would expect is to be able to plug the smardcard
into USB and, as long as gpg-agent is running, I should be able to
just fire up ssh, scp, sftp and have authentication taken care
of.</p>
<p>What do you think?</p></div>Florin Andreitag:gpgtools.tenderapp.com,2011-11-04:Comment/348846992015-01-09T12:09:40Z2015-01-09T12:09:40Zssh, Yubikey NEO smartcard, gpg-agent - simple setup<div><p>Hi Florin,</p>
<p>it's best to ask this question on the gnupg users mailing
list:<br>
<a href=
"https://www.gnupg.org/documentation/mailing-lists.html">https://www.gnupg.org/documentation/mailing-lists.html</a></p>
<p>All the best,<br>
steve</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/348846992015-01-09T19:11:33Z2015-01-09T19:11:33Zssh, Yubikey NEO smartcard, gpg-agent - simple setup<div><p>I've solved it, I'll write a HOWTO on this topic soon, and
perhaps link it here.</p></div>Florin Andreitag:gpgtools.tenderapp.com,2011-11-04:Comment/348846992015-01-15T10:21:14Z2015-01-15T10:21:14Zssh, Yubikey NEO smartcard, gpg-agent - simple setup<div><p>Florin, would be great, if you could share how you solved this
problem.</p></div>Stevetag:gpgtools.tenderapp.com,2011-11-04:Comment/348846992015-01-15T18:59:35Z2015-01-15T18:59:35Zssh, Yubikey NEO smartcard, gpg-agent - simple setup<div><p>Here's the HOWTO:</p>
<p><a href=
"http://florin.myip.org/blog/easy-multifactor-authentication-ssh-using-yubikey-neo-tokens">
http://florin.myip.org/blog/easy-multifactor-authentication-ssh-usi...</a></p></div>Florin Andreitag:gpgtools.tenderapp.com,2011-11-04:Comment/348846992015-01-16T18:33:58Z2015-01-16T18:33:58Zssh, Yubikey NEO smartcard, gpg-agent - simple setup<div><p>Great job. I really hope this issue can be resolved. We'll
update the discussion you referenced in your blog article as soon
as we have news.</p>
<p>All the best,<br>
steve</p></div>Steve