wiki:yubikey

wiki:yubikey [2023/06/08 10:41] michelwiki:yubikey [2024/03/01 13:56] (current) michel
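--- a/wiki:yubikey
+++ b/wiki:yubikey
@@ -4,47 +4,83 @@
 ===hira====
 <code>
-~/.ssh
-/home/michel/.ssh
-├── authorized_keys
-├── conf.d
-│   ├── hetzner.conf
-│   ├── hollandpark.conf
-│   ├── nsas.conf
-│   ├── other.conf
-│   └── swissbit.conf
-├── config
-├── hollandpark
-│   ├── id_ed25519
-│   └── id_ed25519.pub
-├── id_ed25519_sk -> michel/id_ed25519_sk_rk_YKc-Michel
-├── id_ed25519_sk.pub -> michel/id_ed25519_sk_rk_YKc-Michel.pub
-├── josephs
-├── known_hosts
-├── known_hosts.old
-├── michel
-│   ├── id_ecdsa_sk-ndc_YKa-Michel
-│   ├── id_ecdsa_sk-ndc_YKa-Michel.pub
-│   ├── id_ed25519-Michel-automation
-│   ├── id_ed25519-Michel-automation.pub
-│   ├── id_ed25519_sk-ndc_YKc-Michel
-│   ├── id_ed25519_sk-ndc_YKc-Michel.pub
-│   ├── id_ed25519_sk-rk_YKc-Michel-automation
-│   ├── id_ed25519_sk-rk_YKc-Michel-automation.pub
-│   ├── id_ed25519_sk_rk_YKc-Michel
-│   └── id_ed25519_sk_rk_YKc-Michel.pub
-├── nsas
-│   ├── id_ecdsa_sk-NSAS
-│   ├── id_ecdsa_sk-NSAS.pub
-│   ├── id_ed25519_sk_rk_YKc_NSAS
-│   └── id_ed25519_sk_rk_YKc_NSAS.pub
-├── old
-│   ├── id_ecdsa_sk
-│   └── id_ecdsa_sk.pub
-├── schraubenscholz
-├── sockets
-├── swissbit
-│   ├── id_ecdsa_sk-swissbit
-│   └── id_ecdsa_sk-swissbit.pub
-└── test
+.ssh
+|-- authorized_keys
+|-- conf.d
+|   |-- hetzner.conf
+|   |-- hollandpark.conf
+|   |-- nsas.conf
+|   |-- other.conf
+|   `-- swissbit.conf
+|-- config
+|-- id_ecdsa_sk -> keys/old/id_ecdsa_sk
+|-- id_ecdsa_sk-NSAS -> keys/old/id_ecdsa_sk-NSAS
+|-- id_ecdsa_sk-NSAS.pub -> keys/old/id_ecdsa_sk-NSAS.pub
+|-- id_ecdsa_sk-swissbit -> keys/old/id_ecdsa_sk-swissbit
+|-- id_ecdsa_sk-swissbit.pub -> keys/old/id_ecdsa_sk-swissbit.pub
+|-- id_ecdsa_sk.pub -> keys/old/id_ecdsa_sk.pub
+|-- id_ed25519 -> keys/michel/id_ed25519-Michel-automation
+|-- id_ed25519.pub -> keys/michel/id_ed25519-Michel-automation.pub
+|-- id_ed25519_nsas -> keys/old/id_ed25519_nsas
+|-- id_ed25519_nsas.pub -> keys/old/id_ed25519_nsas.pub
+|-- id_ed25519_sk -> keys/michel/id_ed25519_sk_rk_YKc-Michel
+|-- id_ed25519_sk.pub -> keys/michel/id_ed25519_sk_rk_YKc-Michel.pub
+|-- id_rsa -> keys/michel/id_rsa_Michel-fallback
+|-- id_rsa.pub -> keys/michel/id_rsa_Michel-fallback.pub
+|-- keys
+|   |-- hollandpark
+|     |-- id_ed25519
+|     |-- id_ed25519.pub
+|     |-- id_ed25519_sk-YKc-Automation-Hollandpark
+|     `-- id_ed25519_sk-YKc-Automation-Hollandpark.pub
+|   |-- josephs
+|     |-- id_ed25519_sk-YKc-Automation-Josepfs
+|     `-- id_ed25519_sk-YKc-Automation-Josepfs.pub
+|   |-- michel
+|     |-- id_ecdsa_sk-ndc_YKa-Michel
+|     |-- id_ecdsa_sk-ndc_YKa-Michel.pub
+|     |-- id_ed25519-Michel-automation
+|     |-- id_ed25519-Michel-automation.pub
+|     |-- id_ed25519_sk-ndc_YKc-Michel
+|     |-- id_ed25519_sk-ndc_YKc-Michel.pub
+|     |-- id_ed25519_sk-rk_YKc-Michel-automation
+|     |-- id_ed25519_sk-rk_YKc-Michel-automation.pub
+|     |-- id_ed25519_sk_rk_YKc-Michel
+|     |-- id_ed25519_sk_rk_YKc-Michel.pub
+|     |-- id_rsa_Michel-fallback
+|     `-- id_rsa_Michel-fallback.pub
+|   |-- nsas
+|     |-- id_ecdsa_sk-NSAS
+|     |-- id_ecdsa_sk-NSAS.pub
+|     |-- id_ed25519_sk_rk_YKc_NSAS
+|     `-- id_ed25519_sk_rk_YKc_NSAS.pub
+|   |-- old
+|     |-- id_ecdsa_sk
+|     |-- id_ecdsa_sk-NSAS
+|     |-- id_ecdsa_sk-NSAS.pub
+|     |-- id_ecdsa_sk-swissbit
+|     |-- id_ecdsa_sk-swissbit.pub
+|     |-- id_ecdsa_sk.pub
+|     |-- id_ed25519
+|     |-- id_ed25519.pub
+|     |-- id_ed25519_nsas
+|     `-- id_ed25519_nsas.pub
+|   |-- schraubenscholz
+|     |-- id_ed25519_sk-YKc-Automation-Scholz
+|     `-- id_ed25519_sk-YKc-Automation-Scholz.pub
+|   |-- swissbit
+|     |-- id_ecdsa_sk-swissbit
+|     `-- id_ecdsa_sk-swissbit.pub
+|   `-- xecuro
+|       |-- id_ed25519_sk_rk_YKc-xecuro
+|       `-- id_ed25519_sk_rk_YKc-xecuro.pub
+|-- known_hosts
+|-- known_hosts.old
+|-- old
+|   |-- known_hosts
+|   `-- known_hosts.old
+|-- scripts
+|   `-- sshfpgen
+|-- sockets
+`-- test
 </code>
 
@@ -98,12 +134,25 @@
 <code>ssh-keygen -t ed25519-sk -O resident -O application=ssh:YKc-Automation-Michel -O user=michel -O no-touch-required -C "Michel Pelzer (Automation)- mp@nsas.de"</code>
 This key requires the presens of the Yubikey, but does not need to be touched. (authorized_keys) need the __no-touch-required__ in front of the public key.
+
+<file plain ~/.ssh/authorized_keys></file>
 
 <file plain ~/.ssh/authorized_keys>
-no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw=
+# Michel
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw= Michel Pelzer (Automation)- mp@nsas.de
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEvFa/NonVUOvoRRsx151bAJxjgckXC3sLqUb/kdQP9TAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ2Za0UMRtm+LwEGEmug1QNoBEoV/0xDmCRpAXqsqNfXAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de
+# NSAS
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDp7SK9FxZJUQW+jz2ciChN7SwT6SdmovhLUlBLzhIkRAAAADHNzaDpZS2MtTlNBUw== NSAS - Network System Access Solutions
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBPneb67QG6/Z2BdcCBvZgiXVejD4ZGAAxgEoCx2aSbbegqSj1rSW9m2jkdRnwrQix//JfblvLOG/pXXQZJzPkHcAAAAEc3NoOg== NSAS-U2F
 </file>
 
+=== Hollandpark ===
 <file plain ~/.ssh/authorized_keys>
-no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw=
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPqR3iKb9jw9IGHXXFBSPhgVVTy4tUYaQcdYmSFXjuPSAAAAFnNzaDphdXRvbWF0aW9uLm5zYXMuZGU= Michel
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILgcVrlj1obmOQVHS29DlJttRuKovDbyjzeWjPBgtd0pAAAAEnNzaDpZS2MtS29lbmlnLW5kYw== Danny
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJtU9G6KM0eWrNBdzuCoFyhPMRsdXHwIzbLyqQIMLwtnAAAAEHNzaDpZS2MtYmFuay1uZGM= Bank
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIkqDyKEdyAFTL6M9J8/xjMn6MqUzxuw3r7y79Q8DMGHAAAAEHNzaDpZS2MtVGhlby1uZGMTheo
 </file>
+
 
 ===Listing key on a Yubikey===
@@ -118,2 +167,6 @@
 List <code>ykman --reader yubico oath accounts</code>
 Add <code>ykman --reader yubico oath accounts add "NAME"</code>
+
+===FIDO2===
+Set Pin<code>ykman fido access change-pin --new-pin 511111</code>
+Change Pin <code>ykman fido access change-pin --pin 123456 --new-pin 511111</code>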
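Review bot: The four entries added under Hollandpark in the second hunk all carry `no-touch-required` and no other option, so any process on a machine where the YubiKey is plugged in can use them without the owner noticing, and nothing limits where they are used from or what they may run. For automation keys I would scope each line, for example `restrict,no-touch-required,from="<ALLOWED_SOURCE>",command="<AUTOMATION_COMMAND>" sk-ssh-ed25519@openssh.com …` (placeholders, to be filled per host). The last added entry also looks malformed: its blob ends in `…uZGMTheo` where the Bank entry above ends in `…uZGM= Bank`, which suggests the `=` padding and the space before the comment were lost, so sshd would presumably not accept that line as the intended key (this may be an artifact of how the page was rendered). The empty `<file plain ~/.ssh/authorized_keys></file>` added above the first listing appears to be a leftover.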
  