top | item 37022846

(no title)

If the remote host is trusted, you just forward the gpg-agent over ssh to your remote host.

discuss

Sorry, I think I missed something because the article doesn't mention GPG at all. How can you make a webauthn client defer to gpg-agent?

pxc|2 years ago

When GPG is your ssh agent, you can use RSA or ed25519 keys stored on a smartcard (like a Yubikey) to authenticate via SSH.

It's generally preferable to use a `-sk` key type, though, by which the remote server can essentially enforce that you're using a smartcard and not a normal keypair backed by a file.