The software environment requires GPG2 to be installed.

$ gpg --version
gpg (GnuPG/MacGPG2) 2.0.28
libgcrypt 1.6.3
Copyright (C) 2015 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

Home: ~/.gnupg
Supported algorithms:
Pubkey: RSA, RSA, RSA, ELG, DSA
Cipher: IDEA, 3DES, CAST5, BLOWFISH, AES, AES192, AES256, TWOFISH,
        CAMELLIA128, CAMELLIA192, CAMELLIA256
Hash: MD5, SHA1, RIPEMD160, SHA256, SHA384, SHA512, SHA224
Compression: Uncompressed, ZIP, ZLIB, BZIP2

Run the following command to add SSH support to GnuPG:

$ echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf

Reboot the computer, or restart the gpg-agent process:

$ pkill gpg-agent

Check the status of the OpenPGP card:

$ gpg --card-status

Use gpg -K or gpg --edit-key #KEY_ID# to find the key ID (XXXXXXXX) of the subkey that was given usage A (authentication) when the card was set up.

Use the gpgkey2ssh command to generate the SSH id_rsa.pub from that Auth key:

$ gpgkey2ssh XXXXXXXX

or:

$ ssh-add -L

Put the resulting id_rsa.pub string into the ~/.ssh/authorized_keys file on the server.

Run the following command, or add it to your ~/.profile file:

$ export SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh

If GnuPG is not installed in the default directory, the socket path can be obtained with:

$ gpg-connect-agent "getinfo ssh_socket_name" /bye

Now you can SSH into your server:

$ ssh account@host
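The whole procedure above, collected into one idempotent POSIX shell script. This is an added example, not code from the original post. It assumes GnuPG 2.x with gpg-agent, a card already provisioned with an authentication ('a') subkey, and a target passed in the GPG_SSH_TARGET variable (a placeholder). It uses ssh-add -L rather than gpgkey2ssh, which newer GnuPG releases no longer ship, and it finds the 'A' subkey automatically by parsing the colon-separated output of gpg -K --with-colons instead of reading it off by hand. The SAMPLE_COLONS listing is constructed for illustration and is not real key material.

```shell
#!/bin/sh
# Added example (not the original post's code): OpenPGP card -> SSH setup.
# Assumptions: gpg 2.x + gpg-agent, card provisioned with an 'a' subkey,
# remote target supplied as GPG_SSH_TARGET=account@host (placeholder).
set -eu

GNUPGHOME="${GNUPGHOME:-$HOME/.gnupg}"

# Append a line to a config file only if it is not already there.
# A plain `echo ... >> gpg-agent.conf` adds a duplicate on every run.
ensure_conf_line() {
    file="$1"; line="$2"
    [ -f "$file" ] || : > "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Read `gpg -K --with-colons` on stdin and print the key ID (field 5) of
# every secret subkey ('ssb') whose capability field (field 12) has 'a'.
auth_subkey_ids() {
    awk -F: '$1 == "ssb" && $12 ~ /a/ { print $5 }'
}

# Same input; print "<keyid> <serial>" only for auth subkeys that live on
# a token. Field 15 holds the card serial number for such keys.
auth_subkeys_on_card() {
    awk -F: '$1 == "ssb" && $12 ~ /a/ && $15 ~ /^[0-9A-F]+$/ { print $5, $15 }'
}

# Resolve the agent's SSH socket: ask the running agent first (correct for a
# non-default GNUPGHOME), fall back to the conventional path.
ssh_auth_sock() {
    sock=""
    if command -v gpg-connect-agent >/dev/null 2>&1; then
        sock="$(gpg-connect-agent 'getinfo ssh_socket_name' /bye 2>/dev/null \
                | awk '$1 == "D" { print $2; exit }')"
    fi
    printf '%s\n' "${sock:-$GNUPGHOME/S.gpg-agent.ssh}"
}

# Constructed sample of `gpg -K --with-colons` output (fake IDs and serial):
# one auth subkey on a card, one auth subkey held on disk ('+').
SAMPLE_COLONS='sec:u:4096:1:0123456789ABCDEF:1420070400:::u:::scESC:::+::::
ssb:u:4096:1:1111222233334444:1420070400::::::e:::D2760001240102000006012345670000::
ssb:u:4096:1:5555666677778888:1420070400::::::s:::D2760001240102000006012345670000::
ssb:u:4096:1:AAAABBBBCCCCDDDD:1420070400::::::a:::D2760001240102000006012345670000::
ssb:u:2048:1:9999888877776666:1420070400::::::a:::+::::'

main() {
    target="$1"

    ensure_conf_line "$GNUPGHOME/gpg-agent.conf" "enable-ssh-support"
    gpgconf --kill gpg-agent 2>/dev/null || pkill gpg-agent || true

    gpg --card-status >/dev/null          # stops early if no card is present

    echo "Authentication subkeys held on the card (keyid serial):"
    gpg -K --with-colons | auth_subkeys_on_card

    SSH_AUTH_SOCK="$(ssh_auth_sock)"; export SSH_AUTH_SOCK

    echo "Public key to append to the server's ~/.ssh/authorized_keys:"
    ssh-add -L                            # the agent exposes the card's auth key

    ssh "$target"                         # gpg-agent prompts for the user PIN
}

# Only run the live steps when a target is given, so the file can be sourced
# for its helper functions without touching the card.
if [ -n "${GPG_SSH_TARGET:-}" ]; then main "$GPG_SSH_TARGET"; fi
```

Usage: `GPG_SSH_TARGET=account@host sh gpg-ssh-setup.sh`. Filtering on field 15 matters when a keyring holds both an on-disk and an on-card authentication subkey: only the card-backed one is the key the agent will serve with a PIN prompt, so that is the one whose public half belongs in authorized_keys.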

GnuPG will prompt for the user PIN, as shown in the screenshot below:
