Add the bit about gpgkey2ssh
parent
7fd8caaca7
commit
540f26ccd6
|
@ -306,6 +306,22 @@ either a smartcard reader or a Yubikey NEO.
|
||||||
This will offer an extra benefit of adding [2-factor authentication][10] to
|
This will offer an extra benefit of adding [2-factor authentication][10] to
|
||||||
your infrastructure access (yubikeys and smartcards are "something you have").
|
your infrastructure access (yubikeys and smartcards are "something you have").
|
||||||
|
|
||||||
|
As a server administrator, you can easily convert someone's GnuPG Auth key
|
||||||
|
into an SSH public key. First, find out what their Auth keyid is by running
|
||||||
|
`gpg --edit-key [email]` and looking for the "`Usage: A`" entry, e.g.:
|
||||||
|
|
||||||
|
sub rsa2048/80A407E7
|
||||||
|
created: 2014-06-03 expires: never usage: A
|
||||||
|
|
||||||
|
Then, run `gpgkey2ssh` command with that key ID:
|
||||||
|
|
||||||
|
gpgkey2ssh 80A407E7
|
||||||
|
|
||||||
|
This will produce the output that you can put into the `authorized_keys`
|
||||||
|
file. This saves you the trouble of asking them to send you their ssh public
|
||||||
|
key, and assures the key actually belongs to your team member since it's part
|
||||||
|
of their trusted OpenPGP key.
|
||||||
|
|
||||||
## Checklist
|
## Checklist
|
||||||
|
|
||||||
Here is a convenient checklist for your team to ensure that you have all these
|
Here is a convenient checklist for your team to ensure that you have all these
|
||||||
|
|
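Review bot: The closing sentence of the added paragraph ("assures the key actually belongs to your team member since it's part of their trusted OpenPGP key") holds only if the admin has already verified that OpenPGP key, and the steps above it do not establish that. `gpg --edit-key [email]` selects by address whatever matching key is in the local keyring, and `gpgkey2ssh 80A407E7` takes a 32-bit short key ID, which is not a unique identifier and can be made to collide. Suggest stating that the key's full fingerprint must be verified before its Auth subkey is converted, and noting that the short ID alone does not identify the key. Minor: the prose tells the reader to look for "`Usage: A`" while the sample output shows `usage: A`; make the two match.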