I'm looking for a current guide or help in adding a Yubikey 5 for ssh. seeing a number of differing items - i don't have the experience to sort through the differences. and it looks like i will have to replace dropbear with openssh? Has anyone used yubikey with their ssh login?
I don't have a Yubikey, but I am using an OpenSC supported smartcards to logon and this is very secure. It is fully integrated with ssh client and this allows to connect automatically with hard crypto.
Visit https://github.com/OpenSC/OpenSC/wiki for more information.
Usually, Yubikeys are fully supported by OpenSC. Export your SSH public key from the Yubikey. Install it in ./ssh/authorized_keys et voilà. OpenSC PKCS#11 provider handles the rest. There should be a Yubikey guide on OpenSC site.
so what sits on the router ? is it PAM?
thanks for that i'll take a look
Yubikey released a PKCS#11 provider. You can probably use OpenSC PKCS#11 provider directly, it is the strandard for crypto tokens.
OpenSC guide is here: