Does anyone use a yubikey - have any guides for ssh

I'm looking for a current guide or help in adding a Yubikey 5 for ssh. seeing a number of differing items - i don't have the experience to sort through the differences. and it looks like i will have to replace dropbear with openssh? Has anyone used yubikey with their ssh login?

I don't have a Yubikey, but I am using an OpenSC supported smartcards to logon and this is very secure. It is fully integrated with ssh client and this allows to connect automatically with hard crypto.

Visit for more information.

Usually, Yubikeys are fully supported by OpenSC. Export your SSH public key from the Yubikey. Install it in ./ssh/authorized_keys et voilà. OpenSC PKCS#11 provider handles the rest. There should be a Yubikey guide on OpenSC site.

1 Like

so what sits on the router ? is it PAM?

thanks for that i'll take a look

Yubikey released a PKCS#11 provider. You can probably use OpenSC PKCS#11 provider directly, it is the strandard for crypto tokens.

You can connect directly with ssh -I XXX/
If you were using OpenSC, just type: ssh, it can't be more simple.

OpenSC guide is here:

1 Like

This is an old thread, but showed up in my search.

You do not need OpenSC or PAM if you use the gnupg applet on the yubikey. I personally use the gnupg smartcard with an ssh-agent for public key authentication against the standard OpenWRT ssh server.

This is a very detailed intro on how to generate the pgp keys and store them on the yubikey: