PGP Authentication in Tectia

Pretty Good Privacy (PGP) is another security product employing public-key authentication. [1.6.2] PGP keys and SSH keys are implemented differently and aren’t interchangeable; however, Tectia can perform authentication by PGP key, following the OpenPGP standard.[101] Yes, you can use your favorite PGP key to prove your identity to a Tectia server (as long as the key file is OpenPGP-compatible; some PGP keys, especially those produced by older software versions, aren’t). At press time, this feature is only sketchily documented. Here’s how to make it work.

First, you need Tectia installed on both the client and server machines. Also, both implementations must be compiled with PGP support included, using the compile-time flag --with-pgp. [4.3.5.7]

On the client machine, you need to make your PGP secret key ring and the desired secret key for authentication available to Tectia clients. Here’s how:

  1. Copy your PGP secret key ring to your account’s Tectia directory, ~/.ssh2. Suppose it is called secring.pgp.

  2. In an identification file, either ~/.ssh2/identification or another of your choice, indicate the secret key ring with the keyword PgpSecretKeyFile:

        # Tectia
        PgpSecretKeyFile secring.pgp

  3. Identify the PGP key you wish to use for authentication. This may be done with any of three keywords:

    • To identify the key by name, use IdPgpKeyName:

          # Tectia
          IdPgpKeyName mykey

    • To identify the key by its PGP fingerprint, use IdPgpKeyFingerprint:

          # Tectia
          IdPgpKeyFingerprint ...
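As an added example (not from the book or from Tectia), the shell function below audits the client-side setup from the steps above: it parses the identification file, confirms that the key ring named by PgpSecretKeyFile exists and is not accessible to group or others, and confirms that a key is selected. It assumes that a relative key-ring path resolves against the identification file's directory and that every key-selection keyword begins with IdPgpKey; check_pgp_ident and make_sample are names invented here.

```shell
#!/bin/sh
# Added example, not from the book. Assumptions: a relative PgpSecretKeyFile
# resolves against the identification file's directory, and every PGP key
# selector keyword starts with "IdPgpKey" (the text shows two of them).

# check_pgp_ident FILE: print findings; return 0 if clean, 1 otherwise.
check_pgp_ident() {
    ident=$1 ring="" selectors=0 problems=0
    [ -r "$ident" ] || { echo "cannot read $ident"; return 1; }

    # Parse "keyword value" lines, skipping blanks and # comments.
    while read -r key value || [ -n "$key" ]; do
        case $key in
            ''|'#'*) ;;
            PgpSecretKeyFile) ring=$value ;;
            IdPgpKey*) selectors=$((selectors + 1)) ;;
        esac
    done < "$ident"

    if [ -z "$ring" ]; then
        echo "no PgpSecretKeyFile line"; problems=1
    else
        case $ring in
            /*) path=$ring ;;
            *)  path=$(dirname "$ident")/$ring ;;
        esac
        if [ ! -f "$path" ]; then
            echo "key ring $path not found"; problems=1
        # ls -l mode string: characters 5-10 are the group and other bits.
        elif [ "$(ls -ldL "$path" | cut -c5-10)" != "------" ]; then
            echo "key ring $path is accessible to group or others"; problems=1
        fi
    fi
    [ "$selectors" -gt 0 ] || { echo "no IdPgpKey* line selects a key"; problems=1; }
    [ "$problems" -eq 0 ]
}

# Constructed sample: a ~/.ssh2-style directory with the settings shown above.
make_sample() {
    d=$(mktemp -d) || return 1
    : > "$d/secring.pgp"; chmod 600 "$d/secring.pgp"
    printf '# Tectia\nPgpSecretKeyFile secring.pgp\nIdPgpKeyName mykey\n' \
        > "$d/identification"
    echo "$d"
}

# With an argument, audit that file; otherwise do nothing (functions only).
[ $# -eq 0 ] || check_pgp_ident "$1"
```

Run it as `sh script.sh ~/.ssh2/identification` after copying the key ring; a nonzero exit status means at least one finding was printed.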
