YubiKey for FIDO2 Auth on WSL2 (Ubuntu)

What?

I got my hands on a new YubiKey 5 over the weekend. For those unaware, this is a pretty well-known security key which provides options for hardware authentication using a variety of different protocols (e.g. FIDO2, OpenPGP etc.). I was keen to try this out for authenticating with GitHub and also handling SSH credentials when accessing servers I'm running on my local network.

The problem, however, is that I'm a pretty heavy WSL (Ubuntu) user and needed something which plays well in that environment. I didn't think about it too much when I initially ordered the YubiKey, but worked out over the weekend that getting a USB device (particularly a security key) to play nicely with WSL isn't exactly straightforward. So, I did a write-up of the steps I ended up taking for others (or myself) to refer back to.

References

@Kranzes
Kranzes / guide.md
Last active November 22, 2025 09:20
SSH Resident Key Guide

Initial checks

Start by checking that there aren't any previous ssh keys inside the FIDO2 authenticator of your YubiKey. You can check if they exist by running the command below:

nix shell nixpkgs#yubikey-manager -c ykman fido credentials list

If the command above outputs a string mentioning "ssh" or "openssh", then you already have a key generated and stored on your YubiKey.

Evaluating additional authentication factors

Before generating a new ssh key to store on your YubiKey you must consider which additional required authentication factors you want to use. Below you can see a table with the available factors and their corresponding command:

@maciakl
maciakl / elevate.cmd
Last active January 8, 2025 20:57
If your batch file needs to run as Administrator, put this at the top of your script. It will initiate a UAC prompt and run the rest of the script in elevated mode.
if "%1" == "elevated" goto start
powershell -command "Start-Process %~nx0 elevated -Verb runas"
goto :EOF
:start
rem your code goes here
@windgazer
windgazer / prepare-commit-msg.sh
Last active January 8, 2019 14:04 — forked from bartoszmajsak/prepare-commit-msg.sh
How to automatically prepend git commit with a branch name. TLDR, from the root of each repository you want to use this, install using `curl -L https://goo.gl/5Mmuoi -o .git/hooks/prepare-commit-msg --create-dirs; chmod 744 .git/hooks/prepare-commit-msg`
#!/bin/bash
# To update or install in a new repository, run the following command
# N=.git/hooks/prepare-commit-msg ; curl -L https://goo.gl/5Mmuoi -o $N --create-dirs; chmod 744 $N
# Assuming all branches are created as `WWW-nnn-Human-readable-suffixes`
# this commit-msg hook will prepend all commit messages with the ticket
# name/number, for example:
# Branch: ADV-007-License-to-kill
# Message: Bad guy has been identified.