marfillaster/guide.md

Last active March 8, 2023 08:36

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/marfillaster/22f44d53f4794c78c52ce745ab81ccdb.js"></script>
Save marfillaster/22f44d53f4794c78c52ce745ab81ccdb to your computer and use it in GitHub Desktop.

yubikey ssh ykcs11 in osx

Raw

# ~/.ssh/config
Host *
    PKCS11Provider /usr/local/lib/libykcs11.dylib

brew install ykman yubico-piv-tool

# Generate key
ykman piv keys generate -aRSA2048 --pin-policy ONCE --touch-policy NEVER 9a public.pem


# Generate self signed key
ykman piv certificates generate -s "CN=yubi-1 ssh" -aSHA256  9a public.pem

# Generate openssh public key to be added in remote authorized_keys
yubico-piv-tool -a status -a verify-pin -a read-certificate -s 9a -KSSH