I bought a YubiKey now What: Basic SSH with your yubikey

  • Published 25 Jun 2024
  • One of the most interesting features of the YubiKey is the ability to use it to store the private key for SSH. With an elliptic-curve algorithm, usually ED25519, you can just use the -sk suffix to ask ssh-keygen to create SSH keys that reside inside your physical YubiKey.
    ▬ Contents of this video ▬▬▬▬▬▬▬▬▬▬
    00:00 - Introduction
    01:18 - Create your first key
    04:14 - Copy public key into remote server
    06:45 - Access your server with SSH key from your yubikey
    08:13 - Use config file to specify user and key for each server
    09:25 - Conclusions
  • Science & Technology
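
An added example, not taken from the video: a shell helper that lists which entries of an authorized_keys file use the -sk (FIDO) key types the description refers to and which do not. The function names and the sample file are constructed for illustration; a non-sk type only means the key was not created with an -sk type.

```shell
# Constructed sample authorized_keys content; the key blobs are placeholders.
sample_authorized_keys() {
    cat <<'EOF'
# constructed sample
sk-ssh-ed25519@openssh.com AAAAplaceholder1 yubikey-a
restrict sk-ecdsa-sha2-nistp256@openssh.com AAAAplaceholder2 yubikey-b
ssh-rsa AAAAplaceholder3 old-laptop

command="/usr/bin/true" ssh-ed25519 AAAAplaceholder4 backup
EOF
}

# list_key_types FILE: print "<sk|non-sk|unknown> <keytype> line <n>" per entry.
list_key_types() {
    awk '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        kind = "unknown"; ktype = "-"
        # Options (restrict, command=...) may precede the key type, so scan
        # the fields for the first token that names a key algorithm.
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh\.com$/) {
                kind = "sk"; ktype = $i; break
            }
            if ($i ~ /^(ssh-(ed25519|rsa|dss)|ecdsa-sha2-nistp(256|384|521))$/) {
                kind = "non-sk"; ktype = $i; break
            }
        }
        print kind, ktype, "line " NR
    }' "$1"
}

# count_non_sk_keys FILE: number of entries that are not an -sk key type.
count_non_sk_keys() {
    list_key_types "$1" | awk '$1 != "sk" { n++ } END { print n + 0 }'
}
```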

COMMENTS • 20

  • @craconia 1 month ago +1

    Hey Gian! Your Yubikey playlist has been incredibly helpful - I've learned a lot! Thanks for creating it. Just a quick note: in the video, you mentioned the SSH Private key as a "reference," but it's actually the genuine PRIVATE KEY encrypted with the Yubikey's master key. Also, the SSH Private key isn't stored in the Yubikey; instead, the Yubikey decrypts it when you connect. I noticed this distinction after watching your follow-up videos on resident keys. Adding a note in the description could clarify this for future viewers. Thanks for your great content!

    • @codewrecks 1 month ago

      Thanks, following official documentation (developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html) the private key should be stored inside the key.

      The first file, id_ecdsa_sk, contains a reference to the private key credential stored on the YubiKey. The second file, id_ecdsa_sk.pub, contains the public key

  • @michelefesta8328 7 months ago

    I adore how well explained these tutorials are. At the moment would it be possible to use other Windows Hello methods to generate a key pair? I tried to use smartphone passkeys and a laptop fingerprint sensor but I wasn't able to generate any public key

    • @codewrecks 7 months ago +1

      I'm not aware of that kind of support. Actually, YubiKey can be used as a passkey (I configured it with GitHub and other accounts), but using a smartphone or fingerprint sensor does not actually require a YubiKey, and they are different forms of passkeys as far as I know.

  • @yark618 1 year ago +1

    Great video. What’s this fake private key format on disk?

    • @codewrecks 1 year ago +1

      It is not a fake key, it refers to the physical key stored in YubiKey.

  • @danimoosakhan 6 months ago

    What if you lose the private key which resides on a machine? Can I still log in to a remote device just by using a private key on my YubiKey? Is there a way to derive the lost key from the private key that resides in YubiKey?

    • @codewrecks 6 months ago

      If you choose a resident key, you can extract it with a specific command; check ua-cam.com/video/jYb7l7mbhLM/v-deo.htmlfeature=shared

  • @alexanderclara3406 1 month ago

    Thank u very much. Works great. But I have 2 questions.
    Can I use it also in PuTTY?
    I have 3 Yubikeys.
    How can I configure it so that my clients (2x laptops/1x desktop) can use all 3 Yubikeys?
    Maybe u can help me/us
    Thank u.

    • @codewrecks 1 month ago

      Actually you can use your keys on any computer you want. When you first create the SSH key you get a private key (that is only a SHIM key that points to the right physical key). You can copy that private key to any computer you want.
      You can also create a resident key, where you can extract the SHIM key with a command-line tool.
      I have not used PuTTY for a long time, but from the official documentation it seems that it has no problem with your yubi: developers.yubico.com/PGP/SSH_authentication/Windows.html

  • @KOTZLOVRED 7 months ago

    Hi, friend! Thank you for the video, but I noticed that when you create an authorized_keys file, you do not assign rights to it. By default, the mask of the created files is 022. That is, the user and his group will have read and write access, while other users will only have read access.
    Accordingly, at the ssh connection stage, the client will display an error stating that the rights to the authorized_keys file have security problems. It makes sense to mention this! Gracias Señor!

    • @codewrecks 7 months ago

      Actually I've tried only on Windows, but yes, you are right: on Linux it is possible that you need to change the permissions of the created file, as you would normally do with an RSA key.
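
An added example, not part of the comments or the video: a POSIX shell helper for the "copy public key into remote server" step on a Linux server, which appends a key line to authorized_keys only once and keeps the modes tight whatever the umask is. It relies on sshd's StrictModes check (enabled by default), which rejects an authorized_keys file or .ssh directory that is writable by group or others; the function names are assumptions made for this sketch.

```shell
# Return 0 if PATH is writable by group or others (what StrictModes rejects).
loose_perms() {
    [ -n "$(find "$1" -prune \( -perm -020 -o -perm -002 \) 2>/dev/null)" ]
}

# install_pubkey "<public key line>" [ssh_dir]
# ssh_dir defaults to ~/.ssh; the key line is the content of your .pub file.
install_pubkey() {
    key_line=$1
    ssh_dir=${2:-$HOME/.ssh}
    auth_file=$ssh_dir/authorized_keys

    # Create missing paths with restrictive modes regardless of the umask.
    ( umask 077
      mkdir -p "$ssh_dir" &&
      touch "$auth_file" ) || return 1

    # Repair modes on paths that already existed with looser permissions.
    chmod 700 "$ssh_dir" && chmod 600 "$auth_file" || return 1

    # Append only if this exact line is not already present (idempotent).
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# audit_ssh_dir [ssh_dir]: print offending paths, return 1 if any are found.
audit_ssh_dir() {
    ssh_dir=${1:-$HOME/.ssh}
    bad=0
    for p in "$ssh_dir" "$ssh_dir/authorized_keys"; do
        if loose_perms "$p"; then
            echo "group/other-writable: $p"
            bad=1
        fi
    done
    return "$bad"
}
```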

  • @RIPenemie 7 months ago +1

    Thank you for the tutorial. On Linux it works, but on Windows the window to confirm the presence does not open.

    • @codewrecks 7 months ago +1

      Try to upgrade SSH to the latest version; which version do you have? Also, if you have an RSA key you probably should create a config file to choose the right key.

    • @RIPenemie 7 months ago +1

      @codewrecks ssh -V prints out OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3 with Win 11 64-bit

    • @codewrecks 7 months ago

      You are using the old version included with the OS. You need to install the new one github.com/PowerShell/Win32-OpenSSH

    • @RIPenemie 7 months ago +1

      @codewrecks thank you, now it's working

    • @codewrecks 7 months ago

      @RIPenemie Glad to be useful :), indeed that is the most common error, because Windows changed how SSH was deployed