Host * IdentityFile ~/.ssh/id_rsa_gpg.pub IdentitiesOnly yes Enable SSH agent forwarding in ~/.gnupg/gpg-agent.conf :
sudo pacman -S gnupg pcsc-tools Plug in your dongle and check if the system sees it: gpg dongle setup
ssh -T git@github.com # Should prompt for PIN then authenticate Sign a file gpg --sign document.txt # Prompts for PIN on the dongle Decrypt a file gpg --decrypt secret.gpg List keys on card gpg --card-status Change PIN gpg --card-edit gpg/card> admin gpg/card> passwd Step 7: Backup & Recovery Critical : Backup your revocation certificate immediately: Host * IdentityFile ~/