Enabling SSH access using a GPG key for authentication: The agent has no identities

I have followed "How to enable SSH access using a GPG key for authentication".

$ gpg2 --expert --edit-key <KEY ID>
gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
   (7) DSA (set your own capabilities)
   (8) RSA (set your own capabilities)
  (10) ECC (sign only)
  (11) ECC (set your own capabilities)
  (12) ECC (encrypt only)
  (13) Existing key
Your selection? 8

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? s
Your selection? e
Your selection? a

Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate

   (S) Toggle the sign capability
   (E) Toggle the encrypt capability
   (A) Toggle the authenticate capability
   (Q) Finished

Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
         0 = key does not expire
      <n>  = key expires in n days
      <n>w = key expires in n weeks
      <n>m = key expires in n months
      <n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y

sec  rsa2048/8715AF32191DB135
     created: 2019-03-21  expires: 2021-03-20  usage: SC  
     trust: ultimate      validity: ultimate
ssb  rsa2048/150F16909B9AA603
     created: 2019-03-21  expires: 2021-03-20  usage: E  
ssb  rsa2048/17E7403F18CB1123
     created: 2019-03-21  expires: never       usage: A  
[ultimate] (1). Brian Exelbierd

gpg> quit
Save changes? (y/N) y

Added enable-ssh-support to the ~/.gnupg/gpg-agent.conf file.

Added the keygrip to the ~/.gnupg/sshcontrol file.

$ gpg2 -K --with-keygrip
/home/bexelbie/.gnupg/pubring.kbx
------------------------------
sec   rsa2048 2019-03-21 [SC] [expires: 2021-03-20]
      96F33EA7F4E0F7051D75FC208715AF32191DB135
      Keygrip = 90E08830BC1AAD225E657AD4FBE638B3D8E50C9E
uid           [ultimate] Brian Exelbierd
ssb   rsa2048 2019-03-21 [E] [expires: 2021-03-20]
      Keygrip = 5FA04ABEBFBC5089E50EDEB43198B4895BCA2136
ssb   rsa2048 2019-03-21 [A]
      Keygrip = 7710BA0643CC022B92544181FF2EAC2A290CDC0E

$ echo 7710BA0643CC022B92544181FF2EAC2A290CDC0E >> ~/.gnupg/sshcontrol

Added the following to my .zshrc:

export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent

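The tutorial says:

To get started, you can run ssh-add -L to list your public keys and copy them manually to the remote host. You can also use ssh-copy-id. From this perspective, nothing has changed.

ssh-add -L: The agent has no identities.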

% ssh-add -L
The agent has no identities.

I tried:

% eval "$(ssh-agent -s)"
Agent pid 26756
% kill -9 26756
% gpg-connect-agent reloadagent /bye
OK
% systemctl --user restart gpg-agent
% systemctl restart ssh
% systemctl restart sshd
% ssh-add -L
The agent has no identities.

"How to use a GPG key for SSH authentication" says:

Restart the GPG agent:

sudo killall gpg-agent
gpg-agent --daemon --write-env-file ~/.gpg-agent-info --enable-ssh-support
source ~/.gpg-agent-info

....

If you see The agent has no identities, try restarting the GPG agent as described above.

But running that command gives a different error.

% gpg-agent --daemon --write-env-file ~/.gpg-agent-info --enable-ssh-support
gpg-agent[29055]: WARNING: "--write-env-file" is an obsolete option - it has no effect
gpg-agent: a gpg-agent is already running - not starting a new one

What can I do?

Answer 1

Launch ssh-add -l from the $HOME directory
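
The three setup steps in the question (enable-ssh-support in gpg-agent.conf, the [A] subkey's keygrip in sshcontrol, and SSH_AUTH_SOCK pointing at gpg-agent's socket) can be checked mechanically. The script below is an added example, not part of the question or the answer; its function names are hypothetical, and it assumes `gpg` and `gpgconf` are on the PATH.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not from the post.

# Keygrips of keys whose own capabilities (field 12) include "a" (authenticate),
# read from `gpg --with-colons --with-keygrip -K` output on stdin.
auth_keygrips() {
    awk -F: '
        $1 == "sec" || $1 == "ssb" { want = ($12 ~ /a/) }
        $1 == "grp" && want        { print $10; want = 0 }'
}

# True if sshcontrol FILE ($1) has an enabled entry for keygrip $2.
# "#" starts a comment; a leading "!" disables an entry.
sshcontrol_has() {
    [ -r "$1" ] && awk -v g="$2" '
        /^[ \t]*[#!]/ { next }
        toupper($1) == toupper(g) { found = 1 }
        END { exit !found }' "$1"
}

# True if gpg-agent.conf FILE ($1) has an uncommented enable-ssh-support line.
conf_enables_ssh() {
    [ -r "$1" ] && grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1"
}

# Run the checks against the live setup (the post calls the gpg binary gpg2).
diagnose() {
    home=$(gpgconf --list-dirs homedir)
    want=$(gpgconf --list-dirs agent-ssh-socket)
    rc=0
    conf_enables_ssh "$home/gpg-agent.conf" ||
        { echo "gpg-agent.conf: enable-ssh-support not set"; rc=1; }
    [ "${SSH_AUTH_SOCK:-}" = "$want" ] ||
        { echo "SSH_AUTH_SOCK is '${SSH_AUTH_SOCK:-}', gpg-agent listens on $want"; rc=1; }
    for grip in $(gpg --batch --with-colons --with-keygrip -K | auth_keygrips); do
        sshcontrol_has "$home/sshcontrol" "$grip" ||
            { echo "sshcontrol: keygrip $grip missing or disabled"; rc=1; }
    done
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then diagnose; fi
```

Run it with `--check` in the same shell session that runs `ssh-add -L`, so the SSH_AUTH_SOCK comparison reflects what ssh-add actually sees.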
