Last active June 16, 2016 00:30
Yubikey NEO/4 GPG Setup
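```
# Matches USB ID 1050:0115 only (check lsusb if your key reports a different product ID); USERNAME is replaced by the setup script
SUBSYSTEMS=="usb", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0115", OWNER="USERNAME"
```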
```bash
#!/bin/bash
# Copy files to or from an SSH server using the gpg agent for authentication
# All arguments are passed through to scp unchanged
SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh scp "$@"
```
```bash
#!/bin/bash
# Connect to an SSH server using the gpg agent for authentication
# All arguments are passed through to ssh unchanged
SSH_AUTH_SOCK=~/.gnupg/S.gpg-agent.ssh ssh "$@"
```
```bash
#!/bin/bash
# Script to set up Yubikey PGP for SSH authentication on Linux
# MacOS works similarly, though gpgtools must be installed from https://gpgtools.org/ and udev rules are not required
#
# See https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/ for more details.
# If you're using GNOME, you also need to follow the instructions here:
# http://blog.josefsson.org/2015/01/02/openpgp-smartcards-and-gnome/
#
# To convert GPG public key to SSH public key for ~/.ssh/authorized_keys use `gpgkey2ssh FINGERPRINT`
# (GnuPG 2.1.11 and later: `gpg --export-ssh-key FINGERPRINT`)

# Check user id is not root
if [ "$(id -u)" == "0" ]; then
    echo "This script should be run as a user" 1>&2
    exit 1
fi

USER=$(whoami)

# Copy and reload udev rules
sudo cp 99-yubikey-neo.rules /etc/udev/rules.d
# GNU sed takes the backup suffix attached to -i (no space)
sudo sed -i.bkp "s/USERNAME/$USER/g" /etc/udev/rules.d/99-yubikey-neo.rules
sudo udevadm control --reload-rules
# Unplug and replug the Yubikey so the new rule is applied to it

# Read the card so GPG creates stubs for the keys held on the device
# The public key itself still has to be imported, e.g. with `fetch` in `gpg --card-edit`,
# which uses the public key URL stored on the card
gpg --card-status

# Enable gpg-agent as an SSH authentication provider (each option is appended only once)
grep -qxF "use-agent" ~/.gnupg/gpg.conf 2>/dev/null || echo "use-agent" >> ~/.gnupg/gpg.conf
grep -qxF "enable-ssh-support" ~/.gnupg/gpg-agent.conf 2>/dev/null || echo "enable-ssh-support" >> ~/.gnupg/gpg-agent.conf
```
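A post-setup check for the state the setup script is meant to leave behind, as an added example that is not part of the original gist: it reports a GnuPG home open to other users, a missing `enable-ssh-support` line, a missing agent socket, and a udev rule whose `USERNAME` placeholder was never substituted. It assumes GNU `stat` and that `gpg-agent.conf` and `S.gpg-agent.ssh` sit in the same GnuPG home, as the wrapper scripts expect; the function names are made up for this example.

```bash
#!/bin/bash
# Added example, not part of the gist: report what the setup script left undone.
# Assumption: agent config and SSH socket live in one GnuPG home directory.

# 0 if gpg-agent.conf in GnuPG home $1 has an uncommented enable-ssh-support line.
ssh_support_enabled() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1/gpg-agent.conf" 2>/dev/null
}

# 0 if directory $1 grants no permissions to group or others (e.g. mode 700).
homedir_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ "${mode: -2}" = "00" ]
}

# 0 if udev rules file $1 exists and the USERNAME placeholder has been substituted.
rule_owner_substituted() {
    [ -f "$1" ] && ! grep -q 'OWNER="USERNAME"' "$1"
}

# Print one FAIL line per problem; the return status is the number of problems.
check_gpg_ssh_setup() {
    local home=$1 rules=${2:-/etc/udev/rules.d/99-yubikey-neo.rules} problems=0
    homedir_is_private "$home" ||
        { echo "FAIL: $home is accessible to group or others"; problems=$((problems + 1)); }
    ssh_support_enabled "$home" ||
        { echo "FAIL: enable-ssh-support not set in $home/gpg-agent.conf"; problems=$((problems + 1)); }
    [ -S "$home/S.gpg-agent.ssh" ] ||
        { echo "FAIL: no agent socket at $home/S.gpg-agent.ssh"; problems=$((problems + 1)); }
    rule_owner_substituted "$rules" ||
        { echo "FAIL: $rules missing or still has OWNER=\"USERNAME\""; problems=$((problems + 1)); }
    return "$problems"
}

# With a directory argument, check that GnuPG home (optional second argument: rules file).
if [ $# -gt 0 ]; then
    check_gpg_ssh_setup "$@"
    exit $?
fi
```

Run it with the GnuPG home as its argument, for example `~/.gnupg`; the exit status is the number of failed checks.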