I have a new YubiKey 4 and I'm on macOS Sierra. I installed gpgtools (https://gpgtools.org/) to configure gpg keys on my yubikey - seems to work great.
I wanted to configure my SSH to authenticate with my keys on the yubikey - this basically works out of the box now with gpg tools, the only thing I had to set up was ~/.gnupg/gpg-agent.conf:
Code:
pinentry-program /usr/local/MacGPG2/libexec/pinentry-mac.app/Contents/MacOS/pinentry-mac
enable-ssh-support
write-env-file
use-standard-socket
and my .bash_profile
Code:
source "$HOME/.gpg-agent-info"
export GPG_AGENT_INFO
export SSH_AUTH_SOCK
export SSH_AGENT_PID
Now ssh-add -L shows a key exposed from my yubi, and if I understand correctly this should be my authentication key?
If I run gpgkey2ssh with the id of the last key shown by gpg --card-status (should be auth key), it generates a different output than what's shown by ssh-add.
If I run gpgkey2ssh with the ID of my encryption key (second key shown by gpg --card-status) - it matches the key exposed to ssh-add.
So, basically I login via SSH with my encryption key instead of my authentication key. What did I do wrong?
I wanted to check out the walkthrough linked here: https://developers.yubico.com/PGP/SSH_authentication/ but antivirus software freaks out when I try to open the link for OS X.Statistics: Posted by paulina — Sun Nov 20, 2016 5:50 pm
]]>