
How to enable SSH access using a GPG key for authentication opensource.com/article/19/4/gp


@osdc Good article but some suggestions:

1. A person's primary GPG key should have the certification role only and be stored offline.
2. Three online subkeys should be created for signing, encryption, and authentication (1 role each).
3. All keys should have expiration dates, renewed periodically with the primary ('expires: never' is bad m'kay).
4. Beyond passphrases for private keys, instead recommend storing them on a smartcard (e.g. YubiKey, Nitrokey, etc.) with a PIN.

@sean I've just done exactly what you suggest here (on a YubiKey 5 NFC). Good advice.
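An added example, not part of the thread or the linked article: a small audit of `gpg --list-secret-keys --with-colons` output against the four suggestions in the reply above. It assumes the colon-format fields as documented in GnuPG's doc/DETAILS (field 7 expiration, field 12 capabilities, field 15 token serial, `#` or `+`); the function name `audit`, the sample keyring, and reading `#` on the primary as "stored offline" are assumptions of this example.

```python
# Constructed sample of `gpg --list-secret-keys --with-colons` output.
# Key IDs, dates and the card serial are made up for this example.
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1556000000:1587536000::u:::cSEA:::#:::23::0:
uid:u::::1556000000::0000000000000000000000000000000000000000::Example User <user@example.org>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1556000000:1587536000:::::s:::D2760001240103040006000000010000:::23:
ssb:u:4096:1:CCCCCCCCCCCCCCCC:1556000000::::::e:::+:::23:
ssb:u:4096:1:DDDDDDDDDDDDDDDD:1556000000:1587536000:::::ea:::D2760001240103040006000000010000:::23:
"""


def audit(colons):
    """Return findings for keys that deviate from the layout suggested in the thread."""
    findings = []
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] not in ("sec", "ssb") or len(f) < 15:
            continue  # only secret primary (sec) and secret subkey (ssb) records
        keyid, expires, token = f[4], f[6], f[14]
        # Field 12: lowercase letters are this key's own capabilities;
        # uppercase letters on the primary summarise the whole key.
        caps = "".join(c for c in f[11] if c.islower())
        if not expires:
            findings.append(f"{keyid}: no expiration date")
        if f[0] == "sec":
            if caps != "c":
                findings.append(f"{keyid}: primary has roles '{caps}', expected certify only")
            # Field 15 is '#' when only a stub is present (secret key kept elsewhere).
            if token != "#":
                findings.append(f"{keyid}: primary secret key is reachable from this machine")
        else:
            if caps not in ("s", "e", "a"):
                findings.append(f"{keyid}: subkey has roles '{caps}', expected exactly one of s/e/a")
            # '+' means the secret is in the local keyring; a card serial means a token holds it.
            if token == "+":
                findings.append(f"{keyid}: secret subkey is on disk, not on a smartcard")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

To check a real keyring, pass the text produced by `gpg --list-secret-keys --with-colons` to `audit` instead of `SAMPLE`.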
