by burke 4054 days ago
For a little while, I used a YubiKey NEO-n as an OpenPGP smartcard, with gpg-agent running as an ssh-agent (so that my SSH key was only present on my smartcard).

While great in theory, the authentication time made it totally impractical to connect to multiple servers at once.

I know this doesn't invalidate the general idea of using gpg-agent as ssh-agent -- just an anecdote.

1 comments

Can you elaborate on 'authentication time made it totally impractical'?

Does this mean it was slow? I'm using gpg-agent on osx with a neo-n to ssh into boxes and it's not noticeably slow.

Thinking on this again now, perhaps using a shorter key (I'm sure I would have chosen 4k RSA) would have helped. Regardless, I did find that when connecting to 50+ hosts at the same time, most of them would hit my 3 second connect timeout with the neo-n and gpg-agent.

This is a somewhat unusual use-case, I will grant, but I also found a somewhat-noticeable delay in connecting to a single server, on the order of several hundred milliseconds.

I wonder if it would all be fine with a 2k key.

I might be mistaken, but I think YubiKeys only support 2k keys? I'm reasonably sure mine does anyway.
I got this just this second on my Debian 8 system.

    :~$ time ssh an6n@mybox exit
    real 0m1.910s
    user 0m0.024s
    sys 0m0.000s

Could you also list timings with just regular ssh-agent?