by kiallmacinnes
1862 days ago
Yes, you can use gpg-agent to handle this - I've been doing it for years... Every machine does need to be set up to use gpg-agent in place of ssh-agent, which frankly is a little annoying - but once it's set up your key is entirely on the YubiKey or similar. Here's[1] the first blog I could find that at a glance appears to provide the right instructions.

[1]: https://evilmartians.com/chronicles/stick-with-security-yubi...

Well, except when gpg-agent dies out of nowhere and you have to restart it..
It's still better security even if it doesn't go quite as smoothly as I'd hope.
A tip to anyone else here who wants to do this: You want gpg-agent, and you absolutely need to use a newer build of OpenSSH than the one that ships with Windows 10 currently. Remove that and go find the official distribution on GitHub or Chocolatey so you have a version that supports that key type. Then you also need to make sure to set up the environment variable GIT_SSH to point to that version of OpenSSH or else Git for Windows will try to use its own older build and then you will spend a week trying to figure out how to make it work.