@mantono
Last active January 26, 2023 12:25
GPG / SmartCard / Yubikey / pass in Ubuntu
# Ubuntu
sudo apt install libpam-yubico yubikey-personalization yubioath-desktop gnupg2 gnupg-agent pcscd libpcsclite1 opensc gpgsm
# Arch - https://wiki.archlinux.org/index.php/yubikey
pacman -S gnupg opensc yubico-c yubico-c-client yubico-pam yubikey-personalization yubikey-personalization-gui pcsc-tools
# Gentoo
# Persist these USE flags in make.conf (or package.use) so later emerges keep them
USE="security-key smartcard" emerge yubikey-manager sys-auth/polkit sys-apps/dbus
# Add / start pcscd with systemd
systemctl enable pcscd
systemctl start pcscd
# Add / start dbus with OpenRC
rc-config add dbus default
rc-config start dbus
# Add / start pcscd with OpenRC
rc-config add pcscd default
rc-config start pcscd
# Add regular user to pcscd group so they can also access the Yubikey
usermod -a -G pcscd anton
# Check that the key is visible to ykman as a security key, not merely as a bare USB device
ykman list
# On issues, use this to obtain more information
ykman --diagnose
# Expected response is something like "capabilities: 0c01013f0204004110e503013f"
# If "USB error: Access denied (insufficient permissions)" is given for a normal user but not for root,
# the udev rules need to be updated (root bypasses device-node permissions, so the asymmetry points at udev)
# See http://stafwag.github.io/blog/blog/2015/06/16/using-yubikey-neo-as-gpg-smartcard-for-ssh-authentication/
# Add OWNER="username", MODE="0600" to the matching rule. 69-yubikey.rules lives in /usr/lib/udev/rules.d and
# belongs to a package, so edits there are lost on upgrade: copy it to /etc/udev/rules.d/69-yubikey.rules
# (same file name in /etc overrides the /usr/lib copy) and edit that one, so it changes from something like
# BEFORE
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
ENV{ID_SECURITY_TOKEN}="1"
# AFTER
ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0010|0110|0111|0114|0116|0401|0403|0405|0407|0410", \
OWNER="anton", MODE="0600", ENV{ID_SECURITY_TOKEN}="1"
# Then reload the udev rules
udevadm control --reload
udevadm trigger
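The permission check and the udev edit above, as an added example script (not part of the gist): it finds Yubico devices (USB vendor id 1050) in `lsusb` output, tests whether the current user can open their device nodes, and prints the override rule in the form the gist uses. The sample `lsusb` lines and the rule path `/etc/udev/rules.d/70-yubikey-local.rules` are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the gist: diagnose "USB error: Access denied" for a
# non-root user and emit the udev rule that fixes it.
# Assumptions: vendor id 1050 is Yubico (true for all YubiKeys); the rule path
# and the SAMPLE_LSUSB lines below are constructed for the example.

# Constructed `lsusb` output, used when no real device is attached.
SAMPLE_LSUSB='Bus 001 Device 003: ID 8087:0a2b Intel Corp. Bluetooth wireless interface
Bus 001 Device 005: ID 1050:0407 Yubico.com Yubikey 4 OTP+U2F+CCID'

# Read lsusb output on stdin; print "/dev/bus/usb/BBB/DDD idProduct" per Yubico device.
yubikey_devnodes() {
    awk '$6 ~ /^1050:/ {
        sub(":", "", $4)            # "005:" -> "005"
        split($6, id, ":")          # "1050:0407" -> id[1]="1050", id[2]="0407"
        printf "/dev/bus/usb/%s/%s %s\n", $2, $4, id[2]
    }'
}

# Join the product ids from yubikey_devnodes output into the "a|b" form udev matches.
products_alternation() {
    awk '{ printf "%s%s", (NR > 1 ? "|" : ""), $2 } END { printf "\n" }'
}

# One udev rule giving user $1 exclusive 0600 ownership of the products in $2.
# Keep it under /etc/udev/rules.d: 69-yubikey.rules under /usr/lib is package-owned
# and is overwritten on upgrade.
udev_rule_for_user() {
    printf 'ATTRS{idVendor}=="1050", ATTRS{idProduct}=="%s", OWNER="%s", MODE="0600", ENV{ID_SECURITY_TOKEN}="1"\n' "$2" "$1"
}

# True when the caller can open the node read/write. Root always can, which is
# why "works as root, denied as user" is the udev symptom.
can_access() { [ -r "$1" ] && [ -w "$1" ]; }

main() {
    user=${1:-$(id -un)}
    rulefile=/etc/udev/rules.d/70-yubikey-local.rules      # assumed path
    # Fall back to the constructed sample when lsusb is missing or shows no Yubico device.
    listing=$(lsusb 2>/dev/null | grep ' 1050:') || listing=$SAMPLE_LSUSB
    printf '%s\n' "$listing" | yubikey_devnodes | while read -r node product; do
        if can_access "$node"; then
            echo "ok     $node (idProduct $product) opens as $(id -un)"
        else
            echo "DENIED $node (idProduct $product): install the rule below, then: udevadm control --reload && udevadm trigger"
        fi
    done
    products=$(printf '%s\n' "$listing" | yubikey_devnodes | products_alternation)
    echo "# $rulefile"
    udev_rule_for_user "$user" "$products"
}

main "$@"
```

Run it as the desktop user (`sh yk-udev.sh anton`); when it reports DENIED, write the printed rule to the file named in the `#` line as root and reload udev as the gist shows. Replug the key afterwards if `udevadm trigger` alone does not change the node's owner.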
# With GnuPG >= 2.1 gpg-agent is started on demand by gpg/gpgconf; do not start it from shell rc files or .xinitrc
# Import/download the public key and create the private key stubs that point at the card
gpg2 --card-edit
# And enter the command "fetch" (downloads the public key from the URL stored on the card; set it first with "url" if empty)
# Start gpg-agent by hand (normally not necessary with GnuPG >= 2.1, see above; useful after changing its config).
# Kill any stale ssh-agent and gpg-agent first so SSH_AUTH_SOCK does not keep pointing at the wrong agent
pkill ssh-agent ; pkill gpg-agent;
eval $(gpg-agent --daemon --enable-ssh-support --log-file ~/.gnupg/gpg-agent.log)
# Sometimes this is also necessary for config changes to take effect
gpg-connect-agent reloadagent /bye
##### gpg-agent.conf #####
default-cache-ttl 1800
max-cache-ttl 3600
pinentry-program /usr/bin/pinentry-gtk-2
enable-ssh-support
# Look up the vendor:product pair for reader-port with "lsusb | grep -i yubi"
##### scdaemon.conf ######
card-timeout 600
reader-port 1050:0407:X:0
# For ssh authentication with GitHub
# https://github.com/drduh/YubiKey-Guide#ssh
# https://wiki.archlinux.org/index.php/yubikey#SSHD_configuration
## Other docs
https://support.yubico.com/hc/en-us/articles/360013714479-Troubleshooting-Issues-with-GPG