sshd-openpgp-auth-add(1) | General Commands Manual | sshd-openpgp-auth-add(1) |
NAME
sshd-openpgp-auth-add - Add public SSH host keys as authentication subkeys to an OpenPGP certificate
SYNOPSIS
sshd-openpgp-auth add [-f|--fingerprint] [-k|--known-hosts] [-o|--openpgp-dir] [-S|--ssh-dir] [-s|--stdout] [-t|--time] [-h|--help]
DESCRIPTION
Add public SSH host keys as authentication subkeys to an OpenPGP certificate
By default, this command adds SSH host keys found in "/etc/ssh/" as authentication subkeys to an OpenPGP certificate in "/var/lib/sshd-openpgp-auth/". Custom locations for SSH public keys as well as OpenPGP certificates can be provided. If more than one OpenPGP certificate is found in the target directory, an OpenPGP fingerprint must be specified. When adding from SSH host key files, the subkey creation time is derived from the file creation timestamp of the respective files.
It is possible to add subkeys by piping a known_hosts formatted string to this command when using the "--known-hosts" option. When adding from stdin, the current time is used for the subkey creation time.
A custom creation time can be provided.
OPTIONS
-f, --fingerprint=FINGERPRINT
    An OpenPGP fingerprint to identify a specific certificate
-k, --known-hosts
    Read the SSH public keys in known_hosts format from stdin instead of from a directory
-o, --openpgp-dir=DIR
    A custom directory in which to look for OpenPGP certificates (defaults to "/var/lib/sshd-openpgp-auth/")
-S, --ssh-dir=DIR
    A custom directory in which to look for SSH public keys (defaults to "/etc/ssh/")
-s, --stdout
    Output the OpenPGP certificate to stdout instead of a file
-t, --time=TIME
    A custom reference time formatted as an RFC3339 string (defaults to now)
-h, --help
    Print help (see a summary with '-h')
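An added example (not part of the original manual or the project's own code) of the stdin path described above: it turns local host public key files into known_hosts lines and pipes them to the command with an explicit creation time, printing the certificate to stdout for review. The helper names, the host name argument and the values in the usage comment are assumptions; this page does not say how the command uses the host field.

```sh
#!/bin/sh
# Added example; pubkeys_to_known_hosts, is_rfc3339 and add_host_keys are
# hypothetical helper names, not part of sshd-openpgp-auth.

# Print one known_hosts line ("host keytype base64") per host public key file.
pubkeys_to_known_hosts() {
    host=$1 dir=$2
    for f in "$dir"/ssh_host_*_key.pub; do
        [ -f "$f" ] || continue
        ktype='' kdata='' rest=''
        # A .pub file is "keytype base64 [comment]"; the comment is dropped.
        read -r ktype kdata rest < "$f" || true
        if [ -z "$ktype" ] || [ -z "$kdata" ]; then
            echo "skipping malformed key file: $f" >&2
            continue
        fi
        printf '%s %s %s\n' "$host" "$ktype" "$kdata"
    done
    return 0
}

# Shape check for an RFC 3339 timestamp such as 2024-01-01T00:00:00Z.
is_rfc3339() {
    printf '%s\n' "$1" | grep -Eq \
        '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?(Z|[+-][0-9]{2}:[0-9]{2})$'
}

# Pipe the keys to the command with a pinned creation time instead of "now".
# --stdout prints the certificate for review rather than writing a file.
add_host_keys() {
    host=$1 dir=$2 fpr=$3 when=$4
    is_rfc3339 "$when" || { echo "not an RFC 3339 time: $when" >&2; return 2; }
    lines=$(pubkeys_to_known_hosts "$host" "$dir")
    [ -n "$lines" ] || { echo "no usable host keys in $dir" >&2; return 1; }
    printf '%s\n' "$lines" |
        sshd-openpgp-auth add --known-hosts --fingerprint="$fpr" \
            --time="$when" --stdout
}

# Usage (placeholder values):
#   add_host_keys host.example.org /etc/ssh OPENPGP_FINGERPRINT 2024-01-01T00:00:00Z
```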