jh at jameshoward
Jul 22, 2009, 2:50 PM
Post #3 of 3
(535 views)
Permalink
|
|
Re: Question about authentication subkeys and SSH
[In reply to]
|
|
On Wed Jul 22 2009 16:12:34 GMT-0400 (EDT) , Daniel Kahn Gillmor
<dkg [at] fifthhorseman> wrote:
> On 07/22/2009 03:59 PM, James P. Howard, II wrote:
>> I have created a 2048-bit RSA subkey that is authentication only.
>> I'd like to use this with SSH. A bit of Googling suggests this
>> cannot be used directly unless it is on a smart card, but it isn't
>> clear. Have I correctly interpreted this?
>
> You can use such a subkey without a smartcard by using software
> provided by the monkeysphere project:
>
> http://web.monkeysphere.info/
>
> Assuming this is the only authentication-capable subkey on your only
> gpg secret key, you'd simply do:
>
> monkeysphere subkey-to-ssh-agent
>
> which would load the key into the agent for use. You can pass
> additional parameters to ssh-add at the end of the argument list.
> For example, if you want to ensure that the key is only held by the
> agent for an hour, do:
>
> monkeysphere subkey-to-ssh-agent -t 3600
That looks like the missing link I was searching for!
Thank you.
--
James P. Howard, II, MPA
jh [at] jameshoward
|
signature.asc
