On 2015-03-16 14:36, Donavan-Ross Costaras wrote:
> Hi,

Hi!

I don't fully understand what you're trying to accomplish, or what you exactly need. Sorry about that. I hope my reply might help you though.

> To present the correct key I use .ssh/config to define the
> identityFile (ssh key) used for that user.

I don't think "identityFile" still does anything when you use an agent, or at least with GnuPG as an agent. Because it is the agent's responsibility to keep keys, and you're changing the config for the ssh program, which merely asks the agent what it has. I think.

> The problem is I can't add an ssh comment if I don't put the key
> through something like monkeysphere or gpgkey2ssh.

With SSH2 keys, the comment is simply appended to the public key. There's nothing more to it.

So I went with the following workflow:

First, I added the key in ~/.ssh/id_rsa to the gpg-agent. The public key for that is already in ~/.ssh/id_rsa.pub, so I didn't need to extract that from the agent.

Then, I inserted my OpenPGP smartcard with an authentication key. I understand you're probably not using a smartcard, but I'm talking about what I did :). It hopefully allows you to adapt it to your situation.

The smartcard key is automatically added to the ssh agent component of gpg-agent. But, like you, I still need its public key in SSH format to paste in ~/.ssh/authorized_keys on the machines I want to login to, like you need it to give to gitolite. I do:

$ ssh-add -L
ssh-rsa AAAAB3N[...]TrnoZzZdHJ cardno:000500000241
ssh-rsa AAAAB3N[...]TAiuL0Iw== /home/peter/.ssh/id_rsa
$

Now gpg-agent was kind enough to provide a comment that allows me to distinguish them on sight. If there is no comment field, simply look at the actual base64 key to see which one you're /not/ interested in, by comparing to ~/.ssh/id_rsa.pub, for instance.

Now I copy the line ending in "cardno:[...]241" to the clipboard, and open an editor for the new file ~/.ssh/id_card.pub. I paste from the clipboard, but change the end:

ssh-rsa AAAAB3N[...]TrnoZzZdHJ peter@OpenPGPCard

All my SSH keys are of the form peter@hostname, and usually stored in ~/.ssh/id_rsa.pub. The filename and comment form are just to fit in with the rest. It's free-format.

Now whenever I need to add that public key to a ~/.ssh/authorized_keys, I don't use ssh-add -L, I simply open ~/.ssh/id_card.pub and copy it from there.

As I said, in SSH2 public keys, the comment is just text appended to the key; there's nothing relating to it in that blob of base64. You can just edit it with a text editor and store the result wherever you like.

HTH,
Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
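The point Peter makes above, that an SSH2 public-key line is "type, base64 blob, free-text comment" and the comment is not part of the blob, can be checked mechanically. The following is an added example, not code from Peter or from GnuPG: it builds a well-formed ssh-rsa blob from constructed (not real) key material, parses lines in the format `ssh-add -L` prints, rewrites the comment while leaving the blob byte-for-byte unchanged, and compares two lines by their blobs alone, which is the "compare to ~/.ssh/id_rsa.pub" step when no comment is present. It also verifies that the key type named inside the blob matches the first field, which catches a line whose fields have been mixed up when copying.

```python
import base64
import struct


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """SSH mpint (RFC 4251): big-endian magnitude, 0x00 prepended if the high bit is set."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return _ssh_string(raw)


def build_rsa_blob(e: int, n: int) -> bytes:
    """Binary blob of an ssh-rsa public key: string "ssh-rsa", mpint e, mpint n."""
    return _ssh_string(b"ssh-rsa") + _ssh_mpint(e) + _ssh_mpint(n)


def parse_pubkey_line(line: str) -> dict:
    """Split one authorized_keys / `ssh-add -L` line into type, blob and comment.

    Everything after the base64 field is the comment and may be empty. The key
    type embedded at the start of the blob must match the first field.
    """
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("need at least a key type and a base64 blob")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    (type_len,) = struct.unpack(">I", blob[:4])
    embedded_type = blob[4:4 + type_len].decode("ascii")
    if embedded_type != key_type:
        raise ValueError(f"type field {key_type!r} does not match blob type {embedded_type!r}")
    return {"type": key_type, "blob": blob, "comment": comment}


def set_comment(line: str, new_comment: str) -> str:
    """Return the same key line with a different comment; the blob is not touched."""
    key = parse_pubkey_line(line)
    b64 = base64.b64encode(key["blob"]).decode("ascii")
    return f"{key['type']} {b64} {new_comment}".rstrip()


def same_key(line_a: str, line_b: str) -> bool:
    """True when two lines carry the same public key, whatever their comments say."""
    return parse_pubkey_line(line_a)["blob"] == parse_pubkey_line(line_b)["blob"]


# Constructed sample material (NOT real keys): small "moduli" only to make well-formed blobs.
_DEMO_N = int.from_bytes(b"constructed-modulus-for-demo-only", "big")
CARD_LINE = "ssh-rsa " + base64.b64encode(build_rsa_blob(65537, _DEMO_N)).decode() + " cardno:000500000241"
FILE_LINE = "ssh-rsa " + base64.b64encode(build_rsa_blob(65537, _DEMO_N + 2)).decode() + " /home/peter/.ssh/id_rsa"


def demo() -> dict:
    """Rename the card key's comment the way the mail describes and report what changed."""
    renamed = set_comment(CARD_LINE, "peter@OpenPGPCard")
    return {
        "renamed": renamed,
        "blob_unchanged": same_key(CARD_LINE, renamed),
        "is_file_key": same_key(renamed, FILE_LINE),
        "new_comment": parse_pubkey_line(renamed)["comment"],
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

Run the script directly to see the renamed line; `blob_unchanged` is True and `is_file_key` is False, which is exactly what lets you keep the edited line in ~/.ssh/id_card.pub and still tell it apart from the id_rsa key. The ssh-rsa layout here is the one OpenSSH actually uses; other key types differ after the type string but keep the same "type string first" prefix, so the type check works for them too.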