YubiKeys and SSH Keys

    All YubiKeys since X have come with PIV slots, multiple slots for different purposes. Slot 9a for example is used for SSH keys, while slot 9e is used for X.

    Install YubiKey Manager using your favourite package manager, here we use brew.

    YubiKey Manager

    brew install ykman

    Generate key on YubiKey slot 9a, saving the public key to yubikey-public.pem

    ykman piv generate-key --touch-policy always 9a ~/Documents/yubikey-public.pem

    To get the public key in a format for OpenSSH you can use the following command to copy it to the macOS clipboard.

    echo `ssh-keygen -D /usr/local/lib/opensc-pkcs11.so` | pbcopy

    The YubiKey SSH PIV public key should now be on the clipboard, paste the public key to the location that is required. SSH user account, Git authentication, etc.

    Filed in: 2FA SSH macOS Linux
    Reading Time: 1 minute(s)