YubiKeys and SSH Keys

All YubiKeys since X have come with PIV slots, multiple slots for different purposes. Slot 9a for example is used for SSH keys, while slot 9e is used for X.

Install YubiKey Manager using your favourite package manager, here we use brew.

YubiKey Manager

brew install ykman

Generate key on YubiKey slot 9a, saving the public key to yubikey-public.pem

ykman piv generate-key --touch-policy always 9a ~/Documents/yubikey-public.pem

To get the public key in a format for OpenSSH you can use the following command to copy it to the macOS clipboard.

echo `ssh-keygen -D /usr/local/lib/opensc-pkcs11.so` | pbcopy

The YubiKey SSH PIV public key should now be on the clipboard, paste the public key to the location that is required. SSH user account, Git authentication, etc.

Aug 9, 2020 - Filed in: 2FA SSH macOS Linux
Words: 200