Skip to content

Instantly share code, notes, and snippets.

@kasecato

kasecato/FIDO2_4_windows_11.md

Last active February 23, 2025 07:51
Show Gist options
  • Save kasecato/8e9910b1a46f7adcb5aac70150313a80 to your computer and use it in GitHub Desktop.
Save kasecato/8e9910b1a46f7adcb5aac70150313a80 to your computer and use it in GitHub Desktop.
Download ZIP
Git FIDO2 for Windows 11
Raw
FIDO2_4_windows_11.md 
# Uninstall the OpenSSH Client
# https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse?tabs=powershell#uninstall-openssh-for-windows
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0

# Install FIDO2 / OpenSSH-Win64.zip
# https://github.com/PowerShell/Win32-OpenSSH/wiki/Install-Win32-OpenSSH#install-win32-openssh-test-release
explorer "https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v8.9.1.0p1-Beta"
mv ./OpenSSH-Win64/ "C:\Program Files\"
cd "C:\Program Files\OpenSSH-Win64"
powershell.exe -ExecutionPolicy Bypass -File install-sshd.ps1

# Add PATH to your System for your command line
rundll32 sysdm.cpl,EditEnvironmentVariables

# Start ssh-agent
# https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_keymanagement#user-key-generation
# By default the ssh-agent service is disabled. Configure it to start automatically.
# Make sure you're running as an Administrator.
Get-Service ssh-agent | Set-Service -StartupType Automatic

# Start the service
Start-Service ssh-agent

# This should return a status of Running
Get-Service ssh-agent

# Generate key to ~/.ssh/
# https://github.com/PowerShell/Win32-OpenSSH/wiki/FIDO---U2F-usage
# Cannot use -O "no-touch-required" for now
ssh-keygen -t ed25519-sk -O "resident" -C "[email protected]"
mkdir ~/.ssh/authorized_keys
mv ~/.ssh/id_ed25519_sk.pub ~/.ssh/authorized_keys/
cat ~/.ssh/authorized_keys/id_ed25519_sk.pub

# Telling Git about your signing key
# https://docs.github.com/en/authentication/managing-commit-signature-verification/telling-git-about-your-signing-key#telling-git-about-your-ssh-key
git config --global gpg.format ssh
## Don't forget to add 'key::', https://dev.to/li/correctly-telling-git-about-your-ssh-key-for-signing-commits-4c2c
git config --global user.signingKey 'key::ssh-ed25519 AAAAC3(...) [email protected]'
git config --global core.sshCommand "'C:\Program Files\OpenSSH-Win64\ssh.exe'"
git config --global commit.gpgSign true

# Adding a new SSH key to your GitHub account
explorer "https://github.com/settings/keys"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment