Differences between revisions 3 and 6 (spanning 3 versions)
Revision 3 as of 2019-12-11 14:16:35
Size: 789
Editor: Sciuro
Comment:
Revision 6 as of 2020-01-06 16:07:40
Size: 1634
Editor: Sciuro
Comment:
Deletions are marked like this. Additions are marked like this.
Line 1: Line 1:
#acl All: #acl All:read
Line 19: Line 19:
== Use SSH ==
=== Change codes ===
To use this, it's recommended that you put a PIN, a PUK and a management code on your Yubikey. To do this, start the GUI, or use the following commands:
{{{
ykman piv change-pin
ykman piv change-puk
ykman piv change-management-key
}}}

The default codes for a new Yubikey are:
 * PIN: 123456
 * PUK: 12345678
 * Management: 010203040506070801020304050607080102030405060708

=== Generate certificates ===
Now making the Yubikey understand SSH.
 * Generate a private key (EC will not work at the moment)
{{{
ykman piv generate-key -a RSA2048 9a pubkey.pem
}}}
 * Generate a certificate
{{{
ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem
}}}
 * Convert certificate to a ssh key
{{{
ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt
}}}
Line 21: Line 50:
----
CategoryHardware

Contents

  1. Passwords
    1. One time passwords Mobile
    2. One time passwords Desktop
    3. Use SSH
      1. Change codes
      2. Generate certificates
  2. More information

Passwords

One time passwords Mobile

  • Download the app 'authenticator' from the appstore or playstore.

  • Insert your Yubikey in your phone.
  • Right top, tap the + sign
  • Add your OTP key

One time passwords Desktop

  • Download the app 'authenticator' from the website

  • Insert your Yubikey in your computer.
  • Right top, tap the + sign.
  • Add your OTP key.

Use SSH

Change codes

To use this, it's recommended that you put a PIN, a PUK and a management code on your Yubikey. To do this, start the GUI, or use the following commands: 

ykman piv change-pin
ykman piv change-puk
ykman piv change-management-key

The default codes for a new Yubikey are:

  • PIN: 123456
  • PUK: 12345678
  • Management: 010203040506070801020304050607080102030405060708

Generate certificates

Now making the Yubikey understand SSH.

  • Generate a private key (EC will not work at the moment) 

ykman piv generate-key -a RSA2048 9a pubkey.pem
  • Generate a certificate 

ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem
  • Convert certificate to a ssh key 

ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt

More information

CategoryHardware

Howto/Yubikey (last edited 2022-04-17 20:23:30 by Sciuro)