@dseg
Last active November 29, 2017 10:43
Are you managing your private keys? Trying out centralized key management, SSH login and faster two-step authentication with a YubiKey ref: https://qiita.com/dseg/items/77d77467970b1b510285
PKCS11Provider opensc-pkcs11.dll
C:\>yubico-piv-tool -a status
CHUID: No data available
Slot 9a: No data available.
Slot 9c: No data available.
Slot 9d: No data available.
Slot 9e: No data available.
PIN tries left: 3
C:\> yubico-piv-tool -a status
CHUID: 3019d4e739da739ced39ce739d836858210842108421384210c3f534101b4434c29e36e6e33decc520807b56a8350832303330303130313e00fe00
Slot 9a:
Algorithm: RSA2048
Subject DN: CN=SSH key
Issuer DN: CN=SSH key
Fingerprint: d02a231d53230664df8d766cf7a7aadc1e74e7f43f98bc7802cdd0b298ed4f2d
Not Before: Nov 25 11:45:50 2015 GMT
Not After: Nov 24 11:45:50 2016 GMT
Slot 9c: No data available.
Slot 9d: No data available.
Slot 9e: No data available.
PIN tries left: 3
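An added example, not part of the gist and not code from yubico-piv-tool: a small Python parser for the `yubico-piv-tool -a status` text shown above. It turns the output into a structure and reports slots whose certificate has expired or is about to expire, a missing CHUID (token never provisioned), and a low PIN retry counter. The embedded sample is the populated-slot output from this gist with the wrapped lines rejoined; the thresholds (`warn_days`, `min_pin_tries`) and all function names are my own choices, not tool options.

```python
import re
from datetime import datetime, timezone

# Sample status text, copied from the populated-slot output in this gist
# (the wrapped CHUID and fingerprint lines rejoined).
SAMPLE_STATUS = """\
CHUID: 3019d4e739da739ced39ce739d836858210842108421384210c3f534101b4434c29e36e6e33decc520807b56a8350832303330303130313e00fe00
Slot 9a:
Algorithm: RSA2048
Subject DN: CN=SSH key
Issuer DN: CN=SSH key
Fingerprint: d02a231d53230664df8d766cf7a7aadc1e74e7f43f98bc7802cdd0b298ed4f2d
Not Before: Nov 25 11:45:50 2015 GMT
Not After: Nov 24 11:45:50 2016 GMT
Slot 9c: No data available.
Slot 9d: No data available.
Slot 9e: No data available.
PIN tries left: 3
"""

SLOT_RE = re.compile(r"^Slot ([0-9a-f]{2}):\s*(.*)$")
FIELD_RE = re.compile(r"^([A-Za-z ]+):\s*(.*)$")
DATE_FMT = "%b %d %H:%M:%S %Y GMT"  # format of the Not Before / Not After lines above


def parse_status(text):
    """Parse status output into {"chuid", "pin_tries_left", "slots"}.

    "slots" maps the slot id ("9a", ...) to a dict of the certificate fields
    printed under it, or to None when the tool reports "No data available".
    """
    result = {"chuid": None, "pin_tries_left": None, "slots": {}}
    current = None  # slot whose certificate fields are being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SLOT_RE.match(line)
        if m:
            slot, rest = m.group(1), m.group(2)
            if rest.startswith("No data available"):
                result["slots"][slot] = None
                current = None
            else:
                result["slots"][slot] = {}
                current = slot
            continue
        m = FIELD_RE.match(line)
        if not m:
            continue  # unrecognised line: ignore rather than fail
        key, value = m.group(1).strip(), m.group(2)
        if key == "CHUID":
            result["chuid"] = None if value.startswith("No data available") else value
            current = None
        elif key == "PIN tries left":
            result["pin_tries_left"] = int(value)
            current = None
        elif current is not None:
            result["slots"][current][key] = value
    return result


def utc(year, month, day):
    """Build an aware UTC timestamp to use as 'now' in the checks."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def _parse_date(s):
    return datetime.strptime(s, DATE_FMT).replace(tzinfo=timezone.utc)


def cert_validity(fields):
    """Return (not_before, not_after) of a populated slot as aware UTC datetimes."""
    return _parse_date(fields["Not Before"]), _parse_date(fields["Not After"])


def findings(status, now, warn_days=30, min_pin_tries=3):
    """List the things an operator should look at for this token (hypothetical thresholds)."""
    out = []
    if status["chuid"] is None:
        out.append("no CHUID: token has not been provisioned")
    for slot, fields in sorted(status["slots"].items()):
        if fields is None:
            continue
        not_before, not_after = cert_validity(fields)
        if now < not_before:
            out.append(f"slot {slot}: certificate not yet valid (from {not_before:%Y-%m-%d})")
        elif now > not_after:
            out.append(f"slot {slot}: certificate expired on {not_after:%Y-%m-%d}")
        elif (not_after - now).days < warn_days:
            out.append(f"slot {slot}: certificate expires in {(not_after - now).days} days")
    tries = status["pin_tries_left"]
    if tries is not None and tries < min_pin_tries:
        out.append(f"only {tries} PIN tries left: check for wrong-PIN attempts before it locks")
    return out


if __name__ == "__main__":
    for line in findings(parse_status(SAMPLE_STATUS), datetime.now(timezone.utc)) or ["nothing to report"]:
        print(line)
```

Run it with the tool's output piped in instead of the embedded sample (for example `yubico-piv-tool -a status | python piv_status.py` after replacing `SAMPLE_STATUS` with `sys.stdin.read()`) to get a quick inventory of each token; the self-signed certificate in this gist is valid for one year, so the expiry check is the one that fires first.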
REM The management key must always be 48 alphanumeric characters (24 bytes)
C:> yubico-piv-tool -a set-mgm-key -n 080706050403020108070605040302010807060504030201
C:> ssh -I opensc-pkcs11.dll [email protected]
C:> ssh-keygen -E md5 -lf id_ssh.pub
2048 MD5:b2:dd:f7:3d:35:40:6e:94:f2:6f:aa:ce:2e:23:ad:84 PIV AUTH pubkey (RSA)
C:> ssh-keygen -lf id_ssh.pub
2048 b2:dd:f7:3d:35:40:6e:94:f2:6f:aa:ce:2e:23:ad:84 /c/Users/d-shinozaki/.ssh/yubikeyneo.pub (RSA)
REM Also write the public key out to a local file
C:>yubico-piv-tool -s 9a -a generate -o public.pem
Successfully generated a new private key.
REM For the -S option: CN=common name, O=organization name
C:>yubico-piv-tool -a verify-pin -P 123456 -a selfsign-certificate -s 9a -S "/CN=SSH key/" -i public.pem -o cert.pem
Successfully verified PIN.
Successfully generated a new self signed certificate.
C:>yubico-piv-tool -a import-certificate -s 9a -i cert.pem
C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs15-tool --read-public-key 1
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 0
Please enter PIN [PIV Card Holder pin]: 2015-12-01 00:17:40.105 cannot lock memory, sensitive data may be paged to disk
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8jcJZelTVppQju8JNxp
dkZoguyEFDFiDUneQa/vD5rTPI7s3j6hGxuWjdMbM2+I8sj+lxFciCgSxdF29hQJ
mnZziPq3MNWYX6KAJnxs5FcNtxS37+LoZbPRevljlnzPtnRgb+KYZrG36GF7GJD5
08Pk2WfXiHNA80OCmitJaoSrLU0jKwrbIiimGrW+ir3xPxaZ04gvqD8IFZ23Y5+S
Avf/L3B9Qd0pxriCrADn4h0kEY7wSX9zASnQFwpjBkcGvaMIaR/spqPzCnXD30oX
C6tsMDp8gwGgnigd+ReadXaAE+IRKi2jESV27aYaRuPn66ikrkLB/04SbnZMq5I4
IQIDAQAB
-----END PUBLIC KEY-----
C:\Program Files (x86)\OpenSC Project\OpenSC\tools>pkcs15-tool --read-ssh-key 1
Using reader with a card: Yubico Yubikey NEO OTP+U2F+CCID 0
Please enter PIN [PIV Card Holder pin]: 2015-12-01 00:18:04.585 cannot lock memory, sensitive data may be paged to disk
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCLyNwll6VNWmlCO7wk3Gl2RmiC7IQUMWINSd5Br+8P
mtM8juzePqEbG5aN0xszb4jyyP6XEVyIKBLF0Xb2FAmadnOI+rcw1ZhfooAmfGzkVw23FLfv4uhls9F6
+WOWfM+2dGBv4phmsbfoYXsYkPnTw+TZZ9eIc0DzQ4KaK0lqhKstTSMrCtsiKKYatb6KvfE/FpnTiC+o
PwgVnbdjn5IC9/8vcH1B3SnGuIKsAOfiHSQRjvBJf3MBKdAXCmMGRwa9owhpH+ymo/MKdcPfShcLq2ww
OnyDAaCeKB35F5p1doAT4hEqLaMRJXbtphpG4+frqKSuQsH/ThJudkyrkjgh PIV AUTH pubkey
C:\> ssh-keygen -D opensc-pkcs11.dll
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCLyNwll6VNWmlCO7wk3Gl2RmiC7IQUMWINSd5Br+8P
mtM8juzePqEbG5aN0xszb4jyyP6XEVyIKBLF0Xb2FAmadnOI+rcw1ZhfooAmfGzkVw23FLfv4uhls9F6
+WOWfM+2dGBv4phmsbfoYXsYkPnTw+TZZ9eIc0DzQ4KaK0lqhKstTSMrCtsiKKYatb6KvfE/FpnTiC+o
PwgVnbdjn5IC9/8vcH1B3SnGuIKsAOfiHSQRjvBJf3MBKdAXCmMGRwa9owhpH+ymo/MKdcPfShcLq2ww
OnyDAaCeKB35F5p1doAT4hEqLaMRJXbtphpG4+frqKSuQsH/ThJudkyrkjgh
REM Usage: yubico-piv-tool -a change-pin -P [old PIN] -N [new PIN]
C:> yubico-piv-tool -a change-pin -P 123456 -N PIN0
REM Usage: yubico-piv-tool -a change-puk -P [old PUK] -N [new PUK]
C:> yubico-piv-tool -a change-puk -P 12345678 -N PUK1