SSH authentication can be done using OpenPGP key. This article explain how.
Use gpg-agent for SSH-agent service
OpenSSH provides a command named ssh-agent. It handles user's SSH key.
There are alternatives for ssh-agent of OpenSSH for the service, such as GNOME Keyring, Seahorse, or gpg-agent. Those alternatives do same service as ssh-agent, possibly in a different way.
In case of using gpg-agent, we can use OpenPGP key to authenticate SSH access. This is our approach, because we want to use OpenPGP key.
To do that, create ~/.gnupg/gpg-agent.conf file with the following content.
Note that we need to arbitrate programs which want to service as ssh-agent. We need to only enable gpg-agent to do the ssh-agent service.
For Debian Wheezy I do that:
Disable original ssh-agent by commenting out use-ssh-agent line in /etc/X11/Xsession.options
Don't install seahorse package
Configure GNOME Keyring not to service as ssh-agent and gpg-agent by (remove radio check buttons for "GPG Password Agent" and "SSH Key Agent", in the tab of "Startup Programs"):
Using GnuPG's Authentication subkey for SSH
When you are using smartcard or token for GnuPG, it's just a configuration matter. Please skip to next section.
When you are using OpenPGP keys on your normal storage, please follow this instruction.
At first, you need to generate authentication subkey, and register it. Use "monkeysphere" program to do that. It's two steps:
$ monkeysphere gen-subkey $ monkeysphere subkey-to-ssh-agent
First step is to add authentication subkey to your GnuPG primary key. (Instead, you can do that by GnuPG, using --edit-key with --expert option, but it's somewhat lengthy.)
Second step is to register those authentication subkeys under control of SSH agent service of gpg-agent. (If your GnuPG is development version 2.1.x, this step is not required.)
You can examine your key by:
$ gpg --edit-key <YOUR_ID> [...] gpg> quit $
and you will see a subkey with "usage A" flag.
When you need this key in OpenSSH format, type:
$ gpgkey2ssh <YOUR-SUBKEY-ID-IN-UPPERCASE-HEXADECIMAL>
to get the public key information to be used for your ~/.ssh/authorized_keys on your remote server.
See the article Use OpenPGP Keys for OpenSSH (archive.org) too, where I got this knowledge.
Using OpenPGP card or Gnuk Token for SSH
When you're using smartcard or token, it's simpler, as it has an authentication subkey by default.
You just need to invoke gpgkey2ssh when you need the public key in OpenSSH format.