On Tue, 29 Nov 2016 14:49, matth...@urlichs.de said:

> When in doubt, do both?

No. As I explained, the key might be in use by other tools, not just ssh.
Tracking which key has been ssh-add'ed and which has been taken from a
different source would be pretty complicated.

> In any case, if it's been added by ssh-add, it needs to be dropped.
> Otherwise you're not compatible with ssh-agent.

gpg-agent works differently than ssh-agent in that it provides a persistent
store for the keys. It is not a plug-in replacement for ssh-agent but merely
speaks the same protocol and opts to differ from ssh-agent semantics.

> One of my use cases is to add the key (from removable media) to some
> long-running process's key store. That process proceeds to do various
> remote things, after which it no longer requires access and thus removes

You can use gpg-connect-agent to remove keys from gpg-agent's store:

  $ gpg-connect-agent
  > keyinfo --ssh-list
  S KEYINFO 1234567890334957345974597345984574958445 D - - - P - - S

Lists information about all keys enabled for use with ssh
(~/.gnupg/sshcontrol). For a description of the format use "help keyinfo".
The command DELETE_KEY can be used to delete the key.

Although a bit hackish you may access gpg-agent's internal store directly:
For example with the key above you can do:

  rm ~/.gnupg/private-keys-v1.d/1234567890334957345974597345984574958445.key

or backup that file with the key somewhere and restore it when you need it
again. Note that a key must also be listed in sshcontrol; but ssh-add takes
care of that. The key can be listed there but does not need to be actually
available under private-keys-v1.d


Salam-Shalom,

   Werner

--
Thoughts are free. Exceptions are governed by a federal law.
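The housekeeping described in the reply above (list the ssh-enabled keys with `keyinfo --ssh-list`, then remove one with DELETE_KEY or by backing up the file under private-keys-v1.d), worked through as an added POSIX shell example. This is not code from the message or from GnuPG; it parses a constructed sample of KEYINFO output with made-up keygrips and assumes the field order that gpg-agent's `help keyinfo` documents (keygrip, type, serial number, id string, cached, protection, fingerprint, ttl, flags). It only builds the commands as a dry run; nothing here talks to a running agent.

```sh
#!/bin/sh
# Added example, not code from the message or from GnuPG: parse the lines
# that "keyinfo --ssh-list" prints and derive the matching housekeeping
# commands (DELETE_KEY, or the path of the .key file to back up).

# Constructed sample output; the keygrips are made up. Field order after
# "S KEYINFO": KEYGRIP TYPE SERIALNO IDSTR CACHED PROTECTION FPR TTL FLAGS.
# TYPE D means the key file exists under private-keys-v1.d, X means the
# keygrip is listed in sshcontrol but no key file is present; the FLAGS
# field contains S when the key is enabled for ssh use.
SAMPLE_KEYINFO='S KEYINFO 1234567890334957345974597345984574958445 D - - - P - - S
S KEYINFO ABCDEF0123456789ABCDEF0123456789ABCDEF01 D - - 1 P - - S
S KEYINFO 0000000000000000000000000000000000000000 X - - - - - - S
OK'

# keygrip_is_valid GRIP: true only for exactly 40 hex digits, so a malformed
# line can never be turned into a path under private-keys-v1.d.
keygrip_is_valid() {
    case $1 in
        *[!0-9A-Fa-f]*|'') return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# ssh_keygrips [TYPE]: read KEYINFO lines on stdin and print the keygrips
# whose FLAGS contain S; with TYPE given (D or X) only that storage type.
ssh_keygrips() {
    want_type=${1:-}
    while read -r status tag grip type serial idstr cached prot fpr ttl flags; do
        [ "$status" = S ] && [ "$tag" = KEYINFO ] || continue
        keygrip_is_valid "$grip" || continue
        case $flags in *S*) ;; *) continue ;; esac
        [ -z "$want_type" ] || [ "$type" = "$want_type" ] || continue
        printf '%s\n' "$grip"
    done
}

# key_file_path GRIP: where gpg-agent keeps the key (what to back up and
# later restore, as the reply suggests).
key_file_path() {
    printf '%s/private-keys-v1.d/%s.key\n' "${GNUPGHOME:-$HOME/.gnupg}" "$1"
}

# delete_key_command GRIP: the gpg-connect-agent invocation that removes the
# key from the agent's store; without --force the agent asks to confirm.
delete_key_command() {
    keygrip_is_valid "$1" || return 1
    printf "gpg-connect-agent 'DELETE_KEY %s' /bye\n" "$1"
}

# Dry run over the constructed sample: show what would be removed and which
# sshcontrol entries are already dangling (listed, but no key file).
main() {
    echo "ssh keys present on disk (candidates for DELETE_KEY or backup):"
    printf '%s\n' "$SAMPLE_KEYINFO" | ssh_keygrips D | while read -r grip; do
        echo "  $grip -> $(key_file_path "$grip")"
        echo "  $(delete_key_command "$grip")"
    done
    echo "sshcontrol entries with no key file (type X):"
    printf '%s\n' "$SAMPLE_KEYINFO" | ssh_keygrips X | sed 's/^/  /'
}

main
```

Against a live agent the same functions apply to `gpg-connect-agent 'keyinfo --ssh-list' /bye` output; the X entries are the ones where only the sshcontrol line is left, which is exactly the state the reply describes after the .key file has been moved away.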