Re: Using GnuPG Keys with PuTTY



Richard E. Silverman wrote:
"Chuck" == Chuck <skilover_nospam@xxxxxxxxxxxxxx> writes:

Chuck> Simon Tatham wrote:
>> Wences <wgrillo@xxxxxxxxx> wrote:
>>> Have you tried puttygen.exe, available from the PuTTY download
>>> page?
>> That won't help: PuTTYgen will cheerfully import keys from OpenSSH
>> and ssh.com, but doesn't know how to import from GnuPG.
>>
>> Primarily this is because it has never occurred to us that anyone
>> would want to. The point of importing a private key from another
>> program is because it enables you to authenticate to servers which
>> _already_ trust the corresponding public key; if you instead
>> generated a fresh key then you'd have to reconfigure the server,
>> which might be more inconvenient (for example, if there are ten
>> such servers configured independently). So importing keys from
>> other SSH clients makes obvious practical sense because SSH servers
>> will often already be set up to trust those keys; but I've never
>> heard of an SSH server trusting a GnuPG public key, so I can't see
>> any practical reason why importing a GnuPG private key into PuTTY
>> would be preferable to just generating a fresh key.
>>
>> Perhaps the original poster might shed some light on _why_ his
>> users want to import GnuPG keys into PuTTY?

Chuck> Probably so that they have one private key identity, and one
Chuck> place to manage it. I can see some benefit to this but am not
Chuck> sure how it would work with current ssh implementations. GnuPG
Chuck> keys for example depend on a web of trust where they are signed
Chuck> by other keys. They can also be revoked, and they can expire. I
Chuck> don't believe ssh is set up for any of this.

Chuck> Chuck

The Tectia Unix ssh client (ssh.com) can use GPG-format keys for user
authentication, on both the client and server sides.


How do they handle revoked and expired keys? Does the server look for a
keyserver?