04 Apr 2021

Using yubikey for SSH

Using yubikeys everywhere is my jam…here’s how.

Setup

I did it by installing yubikey-agent with a:

brew install yubikey-agent
brew services start yubikey-agent

Then shell configuration in ~/.zshrc:

export SSH_AUTH_SOCK="/usr/local/var/run/yubikey-agent.sock"

For each yubikey

  • Create an 8 char password in password manager
  • Run yubikey-agent -setup
    • Enter PIN/PUK
  • Get the public key and verify it works with ssh-add -L
  • Record public key in password manager and use the Yubico id to disambiguate which yubikey
  • Add the public key to anywhere relevant, ie https://github.com/settings/keys