Does anyone use a yubikey - have any guides for ssh

I'm looking for a current guide or help in adding a Yubikey 5 for ssh. seeing a number of differing items - i don't have the experience to sort through the differences. and it looks like i will have to replace dropbear with openssh? Has anyone used yubikey with their ssh login?

I don't have a Yubikey, but I am using an OpenSC supported smartcards to logon and this is very secure. It is fully integrated with ssh client and this allows to connect automatically with hard crypto.

Visit https://github.com/OpenSC/OpenSC/wiki for more information.

Usually, Yubikeys are fully supported by OpenSC. Export your SSH public key from the Yubikey. Install it in ./ssh/authorized_keys et voilà. OpenSC PKCS#11 provider handles the rest. There should be a Yubikey guide on OpenSC site.

1 Like

so what sits on the router ? is it PAM?

thanks for that i'll take a look

https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html

Yubikey released a PKCS#11 provider. You can probably use OpenSC PKCS#11 provider directly, it is the strandard for crypto tokens.

You can connect directly with ssh -I XXX/libykcs11.so user@remote.example.com
If you were using OpenSC, just type: ssh user@remote.example.com, it can't be more simple.

OpenSC guide is here:

1 Like