Using yubikeys everywhere is my jam…here’s how.
Setup
I did it by installing yubikey-agent with:
brew install yubikey-agent
brew services start yubikey-agent
Then shell configuration in ~/.zshrc:
export SSH_AUTH_SOCK="/usr/local/var/run/yubikey-agent.sock"
For each yubikey
- Create an 8 char password in password manager
- Run yubikey-agent -setup
- Enter PIN/PUK
- Get the public key and verify it works with ssh-add -L
- Record public key in password manager and use the Yubico id to disambiguate which yubikey
- Add the public key to anywhere relevant, i.e. https://github.com/settings/keys
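The verify and record steps above can be turned into a repeatable check that every key the agent offers is one you recorded. This is an added example, not code from yubikey-agent or from this post; the inventory file format and the function names match_agent_keys and check_yubikey_agent are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from yubikey-agent. Inventory format is an assumption:
#   <yubico-id> <keytype> <base64-key>     (one recorded key per line)

# match_agent_keys INVENTORY   (reads `ssh-add -L` style lines on stdin)
# Prints "known <yubico-id>" or "UNKNOWN <keytype> <comment>" for each key.
# Returns 0 only when at least one key is offered and every key is recorded.
match_agent_keys() {
    awk -v inv="$1" '
        BEGIN {
            # Load the recorded keys, indexed by "keytype base64-key".
            while ((getline line < inv) > 0) {
                n = split(line, f, " ")
                if (n >= 3 && f[1] !~ /^#/) known[f[2] " " f[3]] = f[1]
            }
        }
        # Only public-key lines; skips "The agent has no identities."
        $1 ~ /^(ssh-|ecdsa-|sk-)/ && NF >= 2 {
            seen++
            key = $1 " " $2
            if (key in known) { print "known " known[key]; next }
            comment = ""
            for (i = 3; i <= NF; i++) comment = comment (i > 3 ? " " : "") $i
            bad++
            print "UNKNOWN " $1 " " comment
        }
        END { exit ((seen == 0 || bad > 0) ? 1 : 0) }
    '
}

# check_yubikey_agent INVENTORY
# Refuses to run unless SSH_AUTH_SOCK points at a yubikey-agent socket,
# then checks the live agent's keys against the inventory.
check_yubikey_agent() {
    case "$SSH_AUTH_SOCK" in
        */yubikey-agent.sock) ;;
        *) echo "SSH_AUTH_SOCK is not yubikey-agent: $SSH_AUTH_SOCK" >&2
           return 2 ;;
    esac
    ssh-add -L | match_agent_keys "$1"
}
```

Run it as check_yubikey_agent followed by the path to the inventory exported from the password manager; an UNKNOWN line means the agent is offering a key that was never recorded.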
Credit/Links
- My workflow is a mixture of docs from https://github.com/FiloSottile/yubikey-agent and my own password manager setup.
- Another time when I want to tinker more, I’ll try out this set of instructions ssh and gpg from yubikey
- Superseded by 1st link: https://github.com/jamesog/yubikey-ssh