How to use a GPG key for SSH authentication

How to use a GPG key for SSH authentication

# How to use a GPG key for SSH authentication
# Tested on Ubuntu 20.04 LTS

# Enable SSH support in gpg-agent:
echo enable-ssh-support > ~/.gnupg/gpg-agent.conf

# Cache GPG & SSH passwords for 24 hours (the reboot will clear the password cache)
echo max-cache-ttl 86440 >> ~/.gnupg/gpg-agent.conf
echo max-cache-ttl-ssh 86440 86440 >> ~/.gnupg/gpg-agent.conf
echo default-cache-ttl 86440 >> ~/.gnupg/gpg-agent.conf
echo default-cache-ttl-ssh 86440 >> ~/.gnupg/gpg-agent.conf

# Add SSH_AUTH_SOCK config to startup files
vi ~/.zshrc or vi ~/.bashrc
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)" # set SSH_AUTH_SOCK
gpg-connect-agent updatestartuptty /bye > /dev/null # help pgp find user tty for password prompts

# List public keys with keygrip option
gpg --list-keys --with-keygrip
-------------------------------
pub   ed25519/C2BCF0BF 2020-09-28 [SC]
      Key fingerprint = 89B0 3C51 CF63 1E16 454D  6871 B534 46C2 C0CC F0BF
      Keygrip = 7F852EF146D1A5FCFED6946A9AFAC925610F7FDA
uid         [ultimate] User Name <[email protected]>
sub   cv25519/A75925B3 2020-09-28 [E]
      Keygrip = 50A88462AFFCB5A6B851B5BB76DBB3B6410157C6
sub   ed25519/B1EDF558 2020-09-28 [A]
      Keygrip = 34DE6B37C4ECE3C184A833E45B7C15B26664D75F

# Place authintication subkey keygrip into ~/.gnupg/sshcontrol
echo 34DE6B37C4ECE3C184A833E45B7C15B26664D75F > ~/.gnupg/sshcontrol
    
# Reboot OS to reload ssh-agent and gpg-angent, just in case

# Verify SSH public keys
gpg --export-ssh-key [email protected]
ssh-add -L

This is a nice, succinct snapshot for setting up a new machine. Works for macOS with slight modification:

# Add SSH_AUTH_SOCK config to startup files
export GPG_TTY=$(tty)
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
gpgconf --launch gpg-agent # then check ssh-add -L

Was seeing ssh-add -L report no agents on an ARM machine I'm setting up until ironing out that wrinkle.