Using GPG agent for SSH authentication

GPG can be used as an SSH agent, which allows you to keep your private keys on a smartcard rather than on an (easily compromised) computer. This is how it's done.

I'm assuming the smartcard is already set up. To try, ask GPG to print out information about the smartcard:

gpg --card-status

Set up the server side

Register your key on the machine you want to log in to.

gpgkey2ssh $KEYID | ssh user@host 'cat >> .ssh/authorized_keys2'

(You may want to use an intermediate file if you need to edit the list of authorized keys further, e.g. to add options restricting what the key is allowed to do.)

Set up the client side

Enable SSH support in GPG agent

echo enable-ssh-support >> $HOME/.gnupg/gpg-agent.conf
gpgconf --kill gpg-agent   # stop the running agent; enable-ssh-support is not picked up by a reload
gpg-connect-agent /bye     # start it again with the new configuration

In your shell, set the SSH agent environment variables, so that SSH knows how to talk to the GPG agent. (This is also documented in the gpg-agent man page.)

unset SSH_AGENT_PID
export SSH_AUTH_SOCK=$HOME/.gnupg/S.gpg-agent.ssh

You may want to put this into your .bashrc.
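The steps above, both the server-side key registration and the client-side agent setup, gathered into one idempotent helper script. This is an added example, not a script from the original page: the function names are mine, the restriction options and key material in the test are constructed, and it assumes a GnuPG with `gpgconf` (which reports the agent's SSH socket path; newer GnuPG puts it under the runtime directory rather than `~/.gnupg`, and replaces `gpgkey2ssh` with `gpg --export-ssh-key`). The legacy socket path from the text is kept as the fallback.

```shell
#!/bin/sh
# Added example helper functions (not from the original page).

# Server side: turn an exported SSH public key (read from stdin, as printed by
# gpgkey2ssh or gpg --export-ssh-key) into an authorized_keys line with
# restriction options prepended, e.g. 'restrict,command="/usr/bin/backup"'.
# Writing this to an intermediate file lets you review it before appending.
restrict_key_line() {
    opts="$1"
    key=$(cat)
    if [ -n "$opts" ]; then
        printf '%s %s\n' "$opts" "$key"
    else
        printf '%s\n' "$key"
    fi
}

# Append a line to a config file only if it is not already there, so running
# the setup twice does not duplicate enable-ssh-support in gpg-agent.conf.
ensure_line() {
    file="$1"; line="$2"
    mkdir -p "$(dirname "$file")"
    touch "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# Client side: resolve the agent's SSH socket.  Modern GnuPG reports it via
# gpgconf; older releases used the fixed path under ~/.gnupg from the text.
agent_ssh_socket() {
    if command -v gpgconf >/dev/null 2>&1; then
        gpgconf --list-dirs agent-ssh-socket
    else
        printf '%s\n' "$HOME/.gnupg/S.gpg-agent.ssh"
    fi
}

# Full client-side setup: enable SSH support, restart the agent so the option
# takes effect, point ssh at the agent socket, and list the keys it offers
# (the smartcard key should appear in ssh-add -L output).
setup_client() {
    ensure_line "$HOME/.gnupg/gpg-agent.conf" "enable-ssh-support"
    gpgconf --kill gpg-agent 2>/dev/null || true
    unset SSH_AGENT_PID
    SSH_AUTH_SOCK=$(agent_ssh_socket); export SSH_AUTH_SOCK
    ssh-add -L
}

# Only perform the real setup when invoked as: sh thisscript.sh setup
if [ "${1:-}" = "setup" ]; then
    setup_client
fi
```

Source the script from `.bashrc` and call `setup_client` there if you want the variables set in every shell; `ssh-add -L` failing with "Could not open a connection to your authentication agent" means the socket path is wrong for your GnuPG version, which is exactly what `agent_ssh_socket` is meant to catch.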

Is this even a good idea?

Some relevant questions:

You can compare the source code here: