
Using a Yubikey to Secure SSH on macOS (Simplified Version) - m3nu
https://blog.snapdragon.cc/2019/04/27/using-a-yubikey-to-secure-ssh-on-macos/
======
ggm
Thank you. I've been waiting for a decent write-up to gain confidence in
this process.

I usually save a gpg .ASC of the private key encoded in something I have
confidence in, but a pkcs12 with a long passphrase might be better.

------
m3nu
My notes on setting up a Yubikey to keep a private SSH key on it. There were a
bunch of existing guides, but none covered everything or had extra steps that
aren't necessary.

~~~
krishicks
These steps didn't work for me; I failed at creating the self-signed
certificate:

    yubico-piv-tool -a verify-pin -a selfsign-certificate -s 9a -S "/CN=SSH key/" --valid-days=3650 -i yubikey.pub.pkcs8 -o cert.pem -v
    trying to connect to reader 'Yubico Yubikey 4 OTP+U2F+CCID'.
    Action 'verify-pin' does not need authentication.
    Action 'selfsign-certificate' does not need authentication.
    Now processing for action 'verify-pin'.
    Enter PIN:
    Successfully verified PIN.
    Now processing for action 'selfsign-certificate'.
    Failed sign command with code 6a80.
    Failed signing certificate.

I haven't yet figured out what 6a80 means. Does this guide assume the Yubikey
is in any particular state?

------
steve19
Fantastic guide. Is there any Android SSH application that can use the key
stored on a YubiKey NFC?

~~~
moreentropy
Yes, TermBot (a fork of ConnectBot with YK support) can use the Authentication
key of the OpenPGP applet for SSH using OpenKeychain.

Works like a charm, but you need to have the key in the OpenPGP applet, not the
PIV applet.

