teranex weblog - gnupghttps://budts.be/2012-08-02T15:03:00+02:00SSH authentication with your PGP key2012-08-01T22:42:00+02:002012-08-02T15:03:00+02:00Jeroen Budtstag:budts.be,2012-08-01:/weblog/2012/08/ssh-authentication-with-your-pgp-key<p>A few weeks ago I learned that a <a href="http://roidelapluie.be/">few</a> <a href="http://blog.bigon.be/">of</a> <a href="http://vstone.eu/">my</a> colleagues were using PGP. I myself started using PGP around 2003, using the <a href="http://www.gnupg.org/">GnuPG</a> implementation. However, since I didn't know many people who used it my usage slowly faded after a few years. In 2009 I shortly picked it up again by creating <a href="http://budts.be/weblog/2009/05/nieuwe-pgp-key">a new key to phase out SHA-1</a>, but that was also of short duration. Thanks to my colleagues, I'm now starting to use GnuPG again. My key is still the same as created in 2009: <a href="http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xB99030C6610DB834">610DB834</a>.</p>
<p>I noticed that both my PGP-key and my SSH-keys use the RSA-algorithm, so I started wondering whether it was possible to use my PGP-key to authenticate myself to SSH-servers. After some Googling it seemed possible, but not very straightforward. In the end I managed to get it working, thanks to the very friendly support of <a href="http://en.wikipedia.org/wiki/Werner_Koch">Werner Koch</a> (the main developer of GnuPG). Since it is not very straightforward I will document my findings here for future reference.</p>
<h2>Adding an authentication …</h2><p>A few weeks ago I learned that a <a href="http://roidelapluie.be/">few</a> <a href="http://blog.bigon.be/">of</a> <a href="http://vstone.eu/">my</a> colleagues were using PGP. I myself started using PGP around 2003, using the <a href="http://www.gnupg.org/">GnuPG</a> implementation. However, since I didn't know many people who used it my usage slowly faded after a few years. In 2009 I shortly picked it up again by creating <a href="http://budts.be/weblog/2009/05/nieuwe-pgp-key">a new key to phase out SHA-1</a>, but that was also of short duration. Thanks to my colleagues, I'm now starting to use GnuPG again. My key is still the same as created in 2009: <a href="http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&search=0xB99030C6610DB834">610DB834</a>.</p>
<p>I noticed that both my PGP-key and my SSH-keys use the RSA-algorithm, so I started wondering whether it was possible to use my PGP-key to authenticate myself to SSH-servers. After some Googling it seemed possible, but not very straightforward. In the end I managed to get it working, thanks to the very friendly support of <a href="http://en.wikipedia.org/wiki/Werner_Koch">Werner Koch</a> (the main developer of GnuPG). Since it is not very straightforward I will document my findings here for future reference.</p>
<h2>Adding an authentication key</h2>
<p>First add an authentication subkey to your PGP-key, as it is apparently <a href="http://security.stackexchange.com/questions/1806/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig">a best practice to use subkeys for each type of usage</a>. To do so you need to start <code>gpg</code> with the <code>--expert</code> flag like this:</p>
<div class="highlight"><pre><span></span><span class="c1"># where 610DB834 is the id of my key</span>
gpg --expert --edit-key 610DB834
</pre></div>
<p>When you are in <code>gpg</code> type <code>addkey</code> and type '8' to choose <code>(8) RSA (set your own capabilities)</code>. This option let's you manually configure the new key. Then type (each time followed by <code>enter</code>): <code>S</code>, <code>E</code>, <code>A</code>, <code>Q</code>, so that it says 'Current allowed actions: Authenticate'. Then choose a keysize (I use 4096) and an expiration date (5 years from now for example) and wait for the key to be created. Finally <code>save</code> to save your key. Your authentication-subkey is now ready.</p></p>
<h2>Getting it working on the client</h2>
<p>Now that we have a new authentication subkey on our PGP key, we can configure everything so that we can use our PGP key for SSH authentication. Sadly enough, this is not as straightforward as I had hoped for. At least not if you are using the current stable version of GnuPG (2.0.x). <a href="http://lists.gnupg.org/pipermail/gnupg-users/2012-July/045059.html">Werner Koch explained on the mailinglist</a> that it should be rather easy with GnuPG 2.1, which is currently in beta.</p>
<h3>GnuPG 2.1</h3>
<p>As of GnuPG 2.1 the gpg-agent will be used to store all the keys. So to set-up everything, you only have to start gpg-agent with the <code>--enable-ssh-support</code> option and add the 'keygrip' of your authentication key to the ~/.gnupg/sshcontrol file and you are done.</p>
<p>Sidenote. What is a 'keygrip'? <a href="http://lists.gnupg.org/pipermail/gnupg-users/2012-July/045115.html">As explained by Werner</a>:
<blockquote>That is a protocol neutral way to identify a public key. It is a hash over the actual public key parameters. It is GnuPG specific but for example, pkcs#15 uses a similar technique. To compute it, you should use the respective Libgcrypt function.</blockquote> </p>
<h3>GnuPG 2.0</h3>
<p>When you prefer to use the current stable version of GnuPG it takes a few additional steps. The problem is that your key is not available to gpg-agent to be used for SSH-authentication, so you need to get it in the gpg-agent. One method to do this is by installing <code>monkeysphere</code> (available from the ubuntu repos). After installing this, you can run the command <code>monkeysphere subkey-to-ssh-agent</code> (or it's short form: <code>monkeysphere s</code>). Monkeysphere will then extract your private authentication key from GnuPG, run it through the <code>openpgp2ssh</code>-script to convert it into the correct format, and then add it to gpg-agent using the standard <code>ssh-add</code>-command. After you have ran that command your authentication subkey will (also) be stored by gpg-agent and it will be added to the <code>~/.gnupg/sshcontrol</code>-file so you can use it for SSH-authentication. (As with GnuPG 2.1, make sure that your gpg-agent is started with the --enable-ssh-support flag.)</p>
<h3>GNOME keyring</h3>
<p>If you prefer to use GNOME keyring, a similar solution is possible. The easiest solution is to simply run the aforementioned <code>monkeysphere subkey-to-ssh-agent</code>-command. However, you will have to do this every time you log on again. This is because the regular <code>ssh-agent</code> doesn't "remember" keys which are added using <code>ssh-add</code> (while gpg-agent really copies them and stores them safely).</p>
<p>This problem can be solved by manually extracting your key, converting it, setting a new passphrase and storing it with the correct name in your <code>~/.ssh/</code>-directory. By doing this GNOME keyring will automatically pick up the key. To do this execute the following commands (where C83CBC1B is my subkey):</p>
<div class="highlight"><pre><span></span><span class="nb">cd</span> ~/.ssh/
<span class="c1"># export the key without a passphrase (the openpgp2ssh script</span>
<span class="c1"># can't handle encrypted keys)</span>
gpg2 --export-options export-reset-subkey-passwd,export-minimal,<span class="se">\</span>
no-export-attributes --export-secret-subkeys --no-armor <span class="se">\</span>
0xC83CBC1B! > C83CBC1B.key
<span class="c1"># convert the raw key to the correct format</span>
openpgp2ssh C83CBC1B < C83CBC1B.key > C83CBC1B
<span class="c1"># remove the exported raw key</span>
rm C83CBC1B.key
<span class="c1"># set the correct permissions for the private key</span>
chmod <span class="m">600</span> C83CBC1B
<span class="c1"># add back a passphrase to the key</span>
ssh-keygen -f C83CBC1B -p
</pre></div>
<p>After doing this you will have your PGP key in the correct format inside your SSH-directory. However, for GNOME keyring to automatically pick up your key you also need to add the public key as C83CBC1B.pub. (see the next section)</p></p>
<h2>Getting the key on the server</h2>
<p>Before you can log on to a server using your PGP key, you also have to add it on the server. More correctly, you have to add your public key to the <code>~/.ssh/authorized_keys</code>-file. So how do you obtain the public key of your authentication subkey?</p>
<p>Luckily that is rather easy. After you have added your key to gpg-agent or GNOME keyring you can simply run <code>ssh-add -L</code> and the public keys for all your loaded keys will be shown. Pick the correct one, add it into the authorized_keys-file on the server and you are done!</p>
<p>side note: while I was searching for information about this I regularly found references to the gpgkey2ssh script. This will also output your public key if you run it like <code>gpgkey2ssh C83CBC1B</code>. However since <code>ssh-add -L</code> does exactly the same, you don't need this script.</p>
<h2>Side note: replacing GNOME keyring with gpg-agent</h2>
<p>If you are using GNOME or XFCE with the "Launch GNOME services on startup"-option enabled, you won't be using the 'real' gpg-agent by default. The reason for this is that GNOME keyring implements it's own version of ssh-agent and gpg-agent. It took me some time before I realized that not everything worked as I expected because I was using keyring while I thought I was using gpg-agent.</p>
<p>To get it working I finally disabled the GNOME services (I'm using XFCE) on one laptop so I could try the solution with the "real" gpg-agent. After I got this working, I decided to try and get it working with GNOME keyring on my laptop from work, just to see if that would also be possible. It turned out to be not so difficult and now I have two laptops with two different solutions for the same problem :)</p>
<p><em>I'd really like to thank Werner Koch and the people from the gnupg-users mailinglist for their help!</em></p>Nieuwe PGP key2009-05-20T17:36:00+02:002010-12-18T12:31:00+01:00Jeroen Budtstag:budts.be,2009-05-20:/weblog/2009/05/nieuwe-pgp-key<p>Een paar dagen geleden las ik op Debian Administration een <a href="http://www.debian-administration.org/users/dkg/weblog/48">artikel over het uitfaseren van SHA-1 in OpenPGP</a>. Dit is nodig omdat de veiligheid van SHA-1 niet meer volledig gegarandeerd is.</p>
<p>Sinds ik Linux gebruik had ik mij al eens terug op OpenPGP willen toeleggen om het terug te gebruiken, al was het maar om de <a href="http://www.ubuntu.com/community/conduct">Ubuntu Code of Conduct</a> te kunnen ondertekenen. Dit leek me dus het perfecte moment om ineens een nieuwe sleutel te genereren die hopelijk toch wel een aantal jaren moet mee kunnen. In het artikel wordt gesuggereerd om een 2048 bits RSA (sign-only) sleutel te maken, maar ik heb ervoor gekozen om maar ineens voor de 4096 bit RSA (sign-only) sleutel te gaan. Daarbij nog een 4096 bit RSA (encryption-only) subkey en een fototje en we zijn gesteld. Mijn nieuwe PGP key heeft als id 610DB834 gekregen.</p>
<p>De gegevens van de oude key:</p>
<div class="highlight"><pre><span></span>pub 1024D/8B7B774A 2003-12-03
Key fingerprint = 97A4 641E AE0A 4068 B78D F530 1F4E 3017 8B7B 774A
uid Jeroen Budts <jeroen*lightyear.be …</pre></div><p>Een paar dagen geleden las ik op Debian Administration een <a href="http://www.debian-administration.org/users/dkg/weblog/48">artikel over het uitfaseren van SHA-1 in OpenPGP</a>. Dit is nodig omdat de veiligheid van SHA-1 niet meer volledig gegarandeerd is.</p>
<p>Sinds ik Linux gebruik had ik mij al eens terug op OpenPGP willen toeleggen om het terug te gebruiken, al was het maar om de <a href="http://www.ubuntu.com/community/conduct">Ubuntu Code of Conduct</a> te kunnen ondertekenen. Dit leek me dus het perfecte moment om ineens een nieuwe sleutel te genereren die hopelijk toch wel een aantal jaren moet mee kunnen. In het artikel wordt gesuggereerd om een 2048 bits RSA (sign-only) sleutel te maken, maar ik heb ervoor gekozen om maar ineens voor de 4096 bit RSA (sign-only) sleutel te gaan. Daarbij nog een 4096 bit RSA (encryption-only) subkey en een fototje en we zijn gesteld. Mijn nieuwe PGP key heeft als id 610DB834 gekregen.</p>
<p>De gegevens van de oude key:</p>
<div class="highlight"><pre><span></span>pub 1024D/8B7B774A 2003-12-03
Key fingerprint = 97A4 641E AE0A 4068 B78D F530 1F4E 3017 8B7B 774A
uid Jeroen Budts <jeroen*lightyear.be>
uid Jeroen Budts <jeroen*budts.be>
sub 1024g/20BC0ADF 2003-12-03
De gegevens van de nieuwe key:
pub 4096R/610DB834 2009-05-15
Key fingerprint = 03E2 547D 5CE5 DEF7 5C85 9280 B990 30C6 610D B834
uid Jeroen Budts <jeroen*lightyear.be>
uid [jpeg image of size 5067]
sub 4096R/903CE17F 2009-05-15
</pre></div>
<p>In het artikel wordt ook beschreven dat je best een 'transition statement' schrijft en dit met beide keys ondertekend. Een versie van deze blogpost in pure tekst en ondertekend met beide keys vind je op <a href="http://budts.be/jeroen/610DB834-transition.txt">http://budts.be/jeroen/610DB834-transition.txt</a>.</p>
<p>De publieke sleutel is te vinden op <a href="http://budts.be/jeroen/0x610DB834.asc">http://budts.be/jeroen/0x610DB834.asc</a>, maar ook op de <a href="http://keyserver.ubuntu.com:11371/">keyservers van Ubuntu</a> en op mijn <a href="https://launchpad.net/~teranex">Launchpad account</a>.</p>