Hey there. So I recently lost my Nitrokey and bought a new one. Now I want to have one single SSH key on both my Nitrokey and my local machine (well, I’ll move the key to like a USB stick that I’ll bury somewhere). If this is possible, how can I do this?
Hello, I couldn’t understand your question exactly. Can you rephrase it? Where do you want to store it? Or do you mean you want a backup of the private key?
I haven’t tried the SSH function myself, but by reading the docs it says a set of GPG keys needs to be already installed on it, so it probably uses a subkey to generate the key pair for SSH. Refer to the article “How to enable SSH access using a GPG key for authentication | Opensource.com”.
Going by this, I infer you would need to back up your GPG private keys in order to generate the keys again.
Okay, I’ll try to rephrase it:
I want to have one single SSH key that is on the Nitrokey and on my local computer.
But I want to be able to use the SSH key without the Nitrokey or with only the Nitrokey (so on a separate computer).
Basically what I want is a backup of the private key.
Okay, so now I think I get what you are trying to say. So in case you don’t have an NK3 at hand but you still want to use that specific key pair to authenticate over SSH, then I think you will have to re-import into the keyring the GPG private keys which were used with SSH. Take note that the keytocard function will wipe the private keys in the system keyring, so that’s why you will need to re-import them.
Now it should just work automatically without further configuration if you followed the earlier steps properly, as the gpg-agent will be able to find the matching key ID of the private key required to authenticate with.
Although if the private key is already in the keyring, then there is not much benefit to using the NK3 on that machine.
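The backup-and-restore flow discussed in this thread, as an added example that is not part of any poster's message. It works on a throwaway key in temporary keyrings, so the user ID, paths and function names are all constructed, and the interactive keytocard step appears only as a comment.

```sh
#!/bin/sh
# Added example, not from the thread. Throwaway key with an empty passphrase so
# the run is unattended; protect a real key and its backup file.
set -eu

# gpgb HOME ARGS...: non-interactive gpg against the keyring in HOME
gpgb() { h=$1; shift; gpg --homedir "$h" --batch --quiet --pinentry-mode loopback --passphrase '' "$@"; }

# Create a signing key plus an authentication (SSH) subkey; print the fingerprint.
make_demo_key() {
  gpgb "$1" --quick-generate-key 'Backup Demo <demo@example.invalid>' ed25519 sign never >/dev/null 2>&1
  fpr=$(gpgb "$1" --list-keys --with-colons | awk -F: '$1 == "fpr" && !n++ { print $10 }')
  gpgb "$1" --quick-add-key "$fpr" ed25519 auth never >/dev/null 2>&1
  echo "$fpr"
}

# Export primary key and subkeys. Do this BEFORE keytocard: once the card move is
# saved, the keyring holds only stubs that point at the card.
backup_secret_key() { ( umask 077; gpgb "$1" --armor --export-secret-keys "$2" > "$3" ); }

# On the real machine the card step would follow here, interactively:
#   gpg --edit-key <fingerprint>  ->  key 1  ->  keytocard  ->  save

# Import the backup into another keyring (a machine without the token) and list
# the auth subkey's keygrip in sshcontrol so gpg-agent offers the on-disk key to ssh.
restore_secret_key() {
  gpgb "$1" --import "$2"
  gpgb "$1" --list-secret-keys --with-keygrip --with-colons |
    awk -F: '$1 == "ssb" { auth = ($12 ~ /a/) } $1 == "grp" && auth && !n++ { print $10 }' >> "$1/sshcontrol"
}

# The OpenSSH public key (type and blob) derived from the auth subkey.
ssh_pubkey() { gpgb "$1" --export-ssh-key "$2" | awk '{ print $1, $2 }'; }

cleanup() { for d in "$@"; do gpgconf --homedir "$d" --kill all 2>/dev/null || true; rm -rf "$d"; done; }

# demo: a keyring restored from the backup must yield the same SSH identity.
demo() {
  a=$(mktemp -d); b=$(mktemp -d)
  fpr=$(make_demo_key "$a")
  backup_secret_key "$a" "$fpr" "$a/backup.asc"
  restore_secret_key "$b" "$a/backup.asc"
  p=$(ssh_pubkey "$a" "$fpr")
  if [ -n "$p" ] && [ "$p" = "$(ssh_pubkey "$b" "$fpr")" ]; then rc=0; else rc=1; fi
  cleanup "$a" "$b"
  return "$rc"
}
demo
echo "restored keyring yields the same SSH public key"
```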