Jump to content
Sign in to follow this  
buzzkillb

Yubikey - Manjaro - SSH Keys

Recommended Posts

I am using a yubikey 5 for this and Manjaro KDE distro. Amazon has same day delivery https://amzn.to/338KYgF

slightly different but basically the same as official arch install, except I took out assuming the -m and $MK PIV application's 24-byte management key part as it didn't work for me when generating the self signed certificate.
https://wiki.archlinux.org/index.php/YubiKey#Using_a_YubiKey_with_SSH


#install yubikey manager

sudo pacman -S yubikey-manager yubikey-manager-qt

#plug in yubikey and verify it can be seen

ykman list

#generate key

ykman piv generate-key -a RSA2048 9a pubkey.pem

#generate self signed certificate

ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem

#install opensc package

sudo pacman -S opensc

#configure ssh to use opensc library

nano ~/.ssh/config


#enter single line below, save and exit

PKCS11Provider /usr/lib/opensc-pkcs11.so

#convert public-key to standard openssh format

ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt

#cat pubkey.txt to see your public key. example can copy and paste the public key into scaleway credentials

cat pubkey.txt

#or another way to get the public key onto your server

cat ~/pubkey.txt | ssh [email protected] 'cat >> .ssh/authorized_keys'

now when you ssh into your server, plug in your yubikey and you will be asked for a pin at the login prompt

example

ssh [email protected]

and you will now be prompted for the yubikey pin to access your server

image.png.5343c054f184cedd8c758f2e90c08388.png


Join Denarius Discord - https://discord.gg/JQEmXwb

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...