The gpg-agent should populate the comment field when providing an SSH
formatted key, ideally identifying the user (primary uid) or the gpg
authentication subkey's id or fingerprint.
The following detail was originally posted to the mailing list.
The SSH public key format contains a comment field (RFC4716, s3.3.2):
The comment header contains a user-specified comment. email@example.com
From "man sshd":
Public keys consist of the following space-separated fields: options, keytype, base64-encoded key, comment. The comment field is not used for anything (but may be convenient for the user to identify the key).
If I load an SSH key from a file using 'ssh-add' the comment field is
populated with the file name (i.e. "alice.pem") if the gpg-agent does
not already contain that key.
If I do "ssh-add -L" I will see "alice.pem" at the end of the output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 alice.pem
If the key is in the agent because of the gpg keyring then it is known
as "(none)". If I do "ssh-add -L" I will see "(none)" at the end of the
output:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 (none)
The reason that I stumbled upon this was because I was debugging a ssh
connection that used the gpg-agent and the ssh debugging output
displayed the following misleading output:
debug1: Offering RSA public key: (none)
which means the public key called "(none)" rather than, as I initially
interpreted it, no public key.
It's also useful client-side to see who a public key belongs to.
It would be good if the comment field reflected the key source, perhaps
the short (or long) key id. For example:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 (3A808C39)
Or even the primary uid of the key
ssh-rsa AAAAB3NzaC1yc2EAAAADAQAHT...IfFoxh2j13b3 firstname.lastname@example.org
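Until the agent fills the field itself, the "(none)" comment can be replaced client-side. The script below is an added example, not code from the original post or from GnuPG: it parses the space-separated public-key lines that "ssh-add -L" prints (keytype, base64 blob, optional comment), checks that the key type embedded in the blob agrees with the text field, and, where the comment is empty or "(none)", substitutes the OpenSSH-style SHA256 fingerprint of the blob (the same "SHA256:..." value "ssh-keygen -lf" reports). Lines carrying authorized_keys options in front of the key type are not handled. The ssh-ed25519 blob used as sample input is constructed inline from a dummy 32-byte value, so it is not a real key.

```python
"""Relabel SSH public-key lines whose comment is "(none)" (added example)."""
import base64
import hashlib
import struct
import sys


def ssh_string(data):
    """Encode bytes as an RFC 4251 'string': uint32 big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(buf, offset):
    """Read one RFC 4251 'string' from buf at offset; return (bytes, new offset)."""
    if offset + 4 > len(buf):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated key blob")
    return buf[start:end], end


def build_blob(keytype, *fields):
    """Assemble a wire-format public-key blob: keytype string, then each field."""
    blob = ssh_string(keytype.encode("ascii"))
    for field in fields:
        blob += ssh_string(field)
    return blob


def parse_pubkey_line(line):
    """Split 'keytype base64 [comment]' into (keytype, decoded blob, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an SSH public key line: %r" % line)
    keytype, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    return keytype, blob, comment


def blob_keytype(blob):
    """Key type stored inside the blob (its first string field)."""
    keytype, _ = read_ssh_string(blob, 0)
    return keytype.decode("ascii")


def keytype_matches(line):
    """True when the textual key type agrees with the one inside the blob."""
    keytype, blob, _ = parse_pubkey_line(line)
    return blob_keytype(blob) == keytype


def sha256_fingerprint(blob):
    """OpenSSH fingerprint: 'SHA256:' + base64(SHA-256(blob)) without '=' padding."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode("ascii").rstrip("=")


def relabel(line, placeholder="(none)"):
    """Return the line with an empty or placeholder comment replaced by the fingerprint."""
    keytype, blob, comment = parse_pubkey_line(line)
    embedded = blob_keytype(blob)
    if embedded != keytype:
        raise ValueError("keytype mismatch: %r in text, %r in blob" % (keytype, embedded))
    if comment in ("", placeholder):
        comment = sha256_fingerprint(blob)
    return "%s %s %s" % (keytype, base64.b64encode(blob).decode("ascii"), comment)


# Constructed sample: an ssh-ed25519-shaped blob around a dummy 32-byte value
# (not a real key), formatted the way ssh-add -L shows a gpg-agent key.
SAMPLE_BLOB = build_blob("ssh-ed25519", b"\x01" * 32)
SAMPLE_B64 = base64.b64encode(SAMPLE_BLOB).decode("ascii")
SAMPLE_LINE = "ssh-ed25519 %s (none)" % SAMPLE_B64


if __name__ == "__main__":
    # Usage: ssh-add -L | python3 relabel.py
    for raw in sys.stdin:
        if raw.strip() and not raw.startswith("#"):
            print(relabel(raw))
```

Piping "ssh-add -L" through the script turns a "(none)" entry into a line ending in its SHA256 fingerprint, which is what "ssh -v" would then print in the "Offering ... public key:" debug line, since OpenSSH takes that label from the comment field. The fingerprint is derived from the blob alone, so it stays stable no matter which agent served the key.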