How to enable SSH access using a GPG key for authentication


@osdc Good article but some suggestions:

1. A person's primary GPG key should have the certification role only and be stored offline.
2. Three online subkeys should be created for signing, encryption, and authentication (1 role each).
3. All keys should have expiration dates, renewed periodically with the primary ('expires: never' is bad m'kay).
4. Beyond passphrases for private keys, instead recommend storing them on a smartcard (e.g. Yubikey, Nitrokey, etc.) with a PIN.

@sean I've just done exactly what you suggest here (on a YubiKey 5 NFC). Good advice.
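
The four suggestions in the first reply can be checked against an existing keyring. The script below is an added example, not part of the original thread or the linked article: it reads `gpg --list-secret-keys --with-colons` output and reports keys that deviate from those suggestions. The `audit` function, the key IDs and the `SAMPLE` listing are constructed for illustration.

```python
import sys

# Constructed sample of `gpg --list-secret-keys --with-colons` output (no real key).
SAMPLE = """\
sec:u:4096:1:AAAAAAAAAAAAAAAA:1700000000:::u:::scESCA:::+:::23::0:
uid:u::::1700000000::0000::Constructed User <user@example.invalid>::::::::::0:
ssb:u:4096:1:BBBBBBBBBBBBBBBB:1700000000:1763072000:::::e:::D2760001240100000006000000010000:::23:
ssb:u:255:22:CCCCCCCCCCCCCCCC:1700000000::::::sa:::+::ed25519::
"""

def audit(colons):
    """Return a list of findings for keys that deviate from the four suggestions."""
    findings = []
    for line in colons.splitlines():
        f = line.split(":") + [""] * 15          # pad so short records index safely
        rec, keyid, expires, token = f[0], f[4], f[6], f[14]
        if rec not in ("sec", "pub", "ssb", "sub"):
            continue
        # Field 12: lowercase letters are this key's own capabilities; uppercase
        # letters on a primary summarise the whole key and are ignored here.
        caps = "".join(sorted(c for c in f[11] if c in "aces"))
        if rec in ("sec", "pub") and caps != "c":
            findings.append(f"{keyid}: primary has capabilities '{caps}', expected certify only")
        if rec in ("ssb", "sub") and len(caps) != 1:
            findings.append(f"{keyid}: subkey has capabilities '{caps}', expected one role")
        if not expires:                           # field 7 empty means no expiry
            findings.append(f"{keyid}: no expiration date")
        # Field 15 (secret listings only): '+' = secret key on this disk,
        # '#' = stub with the secret absent, otherwise a smartcard serial number.
        if token == "+":
            where = "offline" if rec == "sec" else "on a smartcard"
            findings.append(f"{keyid}: secret key is on disk, expected {where}")
    return findings

if __name__ == "__main__":
    # Pipe real gpg output in, or run without a pipe to audit the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(audit(data)) or "no findings")
```

Run it as `gpg --list-secret-keys --with-colons | python3 audit.py`; with a public listing (`--list-keys`) the on-disk check is skipped because field 15 is empty.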
