... | @@ -91,7 +91,8 @@ using that to store SSH keys, which can therefore be used to |
... | @@ -91,7 +91,8 @@ using that to store SSH keys, which can therefore be used to |
|
authenticate against servers.
|
|
authenticate against servers.
|
|
|
|
|
|
[This Yubico guide](https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html) shows you how to configure such keys,
|
|
[This Yubico guide](https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html) shows you how to configure such keys,
|
|
recognizable from their `-sk` suffix (e.g. `ed25519-sk`).
|
|
recognizable from their `-sk` suffix (e.g. `ed25519-sk`). See also
|
|
|
|
[this GitHub guide](https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations/).
|
|
|
|
|
|
This is the recommended method for users who want to use their YubiKeys for SSH
|
|
This is the recommended method for users who want to use their YubiKeys for SSH
|
|
connections to GitLab, GitHub, Debian servers, etc.
|
|
connections to GitLab, GitHub, Debian servers, etc.
|
... | @@ -112,6 +113,9 @@ YubiKey and then use that key to authenticate to SSH servers. TPA may |
... | @@ -112,6 +113,9 @@ YubiKey and then use that key to authenticate to SSH servers. TPA may |
|
eventually sublime this rather long guide in a simpler version
|
|
eventually sublime this rather long guide in a simpler version
|
|
specifically tailored for you, possibly based on [anarcat's guide](https://anarc.at/blog/2015-12-14-yubikey-howto/#configuring-a-pin).
|
|
specifically tailored for you, possibly based on [anarcat's guide](https://anarc.at/blog/2015-12-14-yubikey-howto/#configuring-a-pin).
|
|
|
|
|
|
|
|
Also review the [Ultimate Yubikey Setup Guide with ed25519!](https://zach.codes/ultimate-yubikey-setup-guide/) and
|
|
|
|
the [other documentation](#other-documentation) section.
|
|
|
|
|
|
## SSH RSA authentication in PIV mode
|
|
## SSH RSA authentication in PIV mode
|
|
|
|
|
|
This guide should be followed if you want to use SSH without depending
|
|
This guide should be followed if you want to use SSH without depending
|
... | | ... | |