Differences between revisions 2 and 12 (spanning 10 versions)
Revision 2 as of 2019-12-11 14:16:18
Size: 789
Editor: Sciuro
Revision 12 as of 2020-12-30 22:07:14
Size: 2791
Editor: Burathar
Line 1: Line 1:
#acl All:
Line 19: Line 18:
== Use SSH ==
=== Change codes ===
To use this, it's recommended that you put a PIN, a PUK and a management code on your Yubikey. To do this, start the GUI, or use the following commands:
{{{
ykman piv change-pin
ykman piv change-puk
ykman piv change-management-key
}}}

The default codes for a new Yubikey are:
 * PIN: 123456
 * PUK: 12345678
 * Management: 010203040506070801020304050607080102030405060708

For more info about PIN, PUK, and Management keys, [[https://developers.yubico.com/yubikey-piv-manager/PIN_and_Management_Key.html|follow this link]]

=== Generate certificates ===
Now making the Yubikey understand SSH. Generate the private key, certificate and the public SSH-key.
 * Generate a private key
{{{
ykman piv generate-key -a ECCP256 9a pubkey.pem
}}}
 * Generate a certificate
{{{
ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem
}}}
 * Convert the certificate to a ssh key
{{{
ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt
}}}

=== Configuration ===
==== Debian ====
Add on top to your SSH config file ''~/.ssh/config'':
{{{
PKCS11Provider /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so
}}}

==== Archlinux ====
Add on top to your SSH config file ''~/.ssh/config'':
{{{
PKCS11Provider /usr/lib/opensc-pkcs11.so
}}}

==== Mac OS X ====
For MacOSX, there's more to do:
 * Make sure you run [[https://brew.sh/|brew]]
 * Install opensc:
{{{
brew install opensc
}}}
 * Link the right library:
{{{
sudo ln `brew list opensc |grep lib/opensc-pkcs11.so` /usr/local/lib/opensc-pkcs11.so
}}}
 * And add on top to your SSH config file ''~/.ssh/config'':
{{{
PKCS11Provider /usr/local/lib/opensc-pkcs11.so
}}}

And that's enough to make ssh possible.

=== SSH Agent ===
To be found out.
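Review bot: The step labelled "Convert the certificate to a ssh key" under "Generate certificates" runs ssh-keygen on pubkey.pem, which is the file written by the generate-key step and the same file passed to generate-certificate, so the label should say "public key" rather than "certificate". In "Change codes", the default PIN, PUK and management key are listed right next to wording that only recommends changing them; since these defaults are published, state that all three should be changed before the key in slot 9a is used for SSH. The "SSH Agent" section contains only "To be found out."; leave the heading out until there is content for it.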
Line 20: Line 84:
 * A lot of information about linux and yubikey: [[https://wiki.archlinux.org/index.php/YubiKey]]  * [[https://wiki.archlinux.org/index.php/YubiKey]] A lot of information about linux and yubikey.
 * [[https://archive.fosdem.org/2018/schedule/event/smartcards_in_linux/attachments/slides/2265/export/events/attachments/smartcards_in_linux/slides/2265/smart_cards_slides.pdf]] FosDem presentation
----
CategoryHardware

Passwords

One time passwords Mobile

  • Download the app 'authenticator' from the App Store or Play Store.
  • Insert your Yubikey in your phone.
  • At the top right, tap the + sign.
  • Add your OTP key.

One time passwords Desktop

  • Download the app 'authenticator' from the website.
  • Insert your Yubikey in your computer.
  • At the top right, tap the + sign.
  • Add your OTP key.

Use SSH

Change codes

To use this, it's recommended that you put a PIN, a PUK and a management code on your Yubikey. To do this, start the GUI, or use the following commands:

ykman piv change-pin
ykman piv change-puk
ykman piv change-management-key

The default codes for a new Yubikey are:

  • PIN: 123456
  • PUK: 12345678
  • Management: 010203040506070801020304050607080102030405060708

For more info about PIN, PUK, and Management keys, see https://developers.yubico.com/yubikey-piv-manager/PIN_and_Management_Key.html

Generate certificates

Now make the Yubikey usable for SSH. Generate the private key, the certificate and the public SSH key.

  • Generate a private key

ykman piv generate-key -a ECCP256 9a pubkey.pem

  • Generate a certificate

ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem

  • Convert the certificate to an SSH key

ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt

Configuration

Debian

Add at the top of your SSH config file ~/.ssh/config:

PKCS11Provider /usr/lib/x86_64-linux-gnu/pkcs11/opensc-pkcs11.so

Archlinux

Add at the top of your SSH config file ~/.ssh/config:

PKCS11Provider /usr/lib/opensc-pkcs11.so

Mac OS X

For Mac OS X, there's more to do:

  • Make sure you run brew (https://brew.sh/)

  • Install opensc:

brew install opensc

  • Link the right library:

sudo ln `brew list opensc |grep lib/opensc-pkcs11.so` /usr/local/lib/opensc-pkcs11.so

  • And add at the top of your SSH config file ~/.ssh/config:

PKCS11Provider /usr/local/lib/opensc-pkcs11.so

And that's enough to make ssh possible.
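
The line has to go at the top because in an SSH config file a keyword placed after a Host or Match line applies only to that block, and the first value ssh finds is the one it uses. The following check is an added example, not part of the original wiki page; the function name check_pkcs11_provider is hypothetical. It reports where the first PKCS11Provider line sits and whether the library it names exists:

```shell
#!/bin/sh
# Added example, not from the original wiki page.
# check_pkcs11_provider FILE   (hypothetical helper name)
# Prints one of:
#   missing          no PKCS11Provider line in FILE
#   global <path>    first PKCS11Provider line is before any Host/Match block
#   scoped <path>    first PKCS11Provider line is inside a Host/Match block
# Exit status: 0 only if the line is global and the library file exists.
check_pkcs11_provider() {
    cfg=$1
    [ -r "$cfg" ] || { echo "missing"; return 1; }
    result=$(awk '
        # Skip comments and blank lines.
        /^[ \t]*#/ || NF == 0 { next }
        # Keywords are case-insensitive and may be written keyword=value.
        { kw = tolower($1); sub(/=.*/, "", kw) }
        kw == "host" || kw == "match" { in_block = 1; next }
        kw == "pkcs11provider" {
            line = $0
            sub(/^[ \t]*[^ \t=]+[ \t]*=?[ \t]*/, "", line)  # drop the keyword
            sub(/[ \t]+$/, "", line)                        # drop trailing blanks
            gsub(/^"|"$/, "", line)                         # drop surrounding quotes
            print (in_block ? "scoped " : "global ") line
            found = 1
            exit                                            # first value wins
        }
        END { if (!found) print "missing" }
    ' "$cfg")
    echo "$result"
    case $result in
        global\ *) [ -e "${result#global }" ] ;;  # the library must exist too
        *) return 1 ;;
    esac
}
```

Run it as check_pkcs11_provider ~/.ssh/config; anything other than a "global" result with exit status 0 means ssh will not load the OpenSC library for every host.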

SSH Agent

To be found out.

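More information

  • https://wiki.archlinux.org/index.php/YubiKey A lot of information about Linux and the Yubikey.
  • https://archive.fosdem.org/2018/schedule/event/smartcards_in_linux/attachments/slides/2265/export/events/attachments/smartcards_in_linux/slides/2265/smart_cards_slides.pdf FOSDEM presentation
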
CategoryHardware

Howto/Yubikey (last edited 2022-04-17 20:23:30 by Sciuro)