Differences

This shows you the differences between two versions of the page.

--- wiki:yubikey [2023/06/08 11:15] – michel
+++ wiki:yubikey [2024/03/01 13:56] (current) – michel
@@ Line 4: / Line 4: @@
 ===hira====
 <code>
-~/.ssh
+.ssh
-/home/michel/.ssh
+|-- authorized_keys
-├── authorized_keys
+|-- conf.d
-├── conf.d
+|   |-- hetzner.conf
-│   ├── hetzner.conf
+|   |-- hollandpark.conf
-│   ├── hollandpark.conf
+|   |-- nsas.conf
-│   ├── nsas.conf
+|   |-- other.conf
-│   ├── other.conf
+|   `-- swissbit.conf
-│   └── swissbit.conf
+|-- config
-├── config
+|-- id_ecdsa_sk -> keys/old/id_ecdsa_sk
-├── hollandpark
+|-- id_ecdsa_sk-NSAS -> keys/old/id_ecdsa_sk-NSAS
-│   ├── id_ed25519
+|-- id_ecdsa_sk-NSAS.pub -> keys/old/id_ecdsa_sk-NSAS.pub
-│   └── id_ed25519.pub
+|-- id_ecdsa_sk-swissbit -> keys/old/id_ecdsa_sk-swissbit
-├── id_ed25519_sk -> michel/id_ed25519_sk_rk_YKc-Michel
+|-- id_ecdsa_sk-swissbit.pub -> keys/old/id_ecdsa_sk-swissbit.pub
-├── id_ed25519_sk.pub -> michel/id_ed25519_sk_rk_YKc-Michel.pub
+|-- id_ecdsa_sk.pub -> keys/old/id_ecdsa_sk.pub
-├── josephs
+|-- id_ed25519 -> keys/michel/id_ed25519-Michel-automation
-├── known_hosts
+|-- id_ed25519.pub -> keys/michel/id_ed25519-Michel-automation.pub
-├── known_hosts.old
+|-- id_ed25519_nsas -> keys/old/id_ed25519_nsas
-├── michel
+|-- id_ed25519_nsas.pub -> keys/old/id_ed25519_nsas.pub
-│   ├── id_ecdsa_sk-ndc_YKa-Michel
+|-- id_ed25519_sk -> keys/michel/id_ed25519_sk_rk_YKc-Michel
-│   ├── id_ecdsa_sk-ndc_YKa-Michel.pub
+|-- id_ed25519_sk.pub -> keys/michel/id_ed25519_sk_rk_YKc-Michel.pub
-│   ├── id_ed25519-Michel-automation
+|-- id_rsa -> keys/michel/id_rsa_Michel-fallback
-│   ├── id_ed25519-Michel-automation.pub
+|-- id_rsa.pub -> keys/michel/id_rsa_Michel-fallback.pub
-│   ├── id_ed25519_sk-ndc_YKc-Michel
+|-- keys
-│   ├── id_ed25519_sk-ndc_YKc-Michel.pub
+|   |-- hollandpark
-│   ├── id_ed25519_sk-rk_YKc-Michel-automation
+|   |   |-- id_ed25519
-│   ├── id_ed25519_sk-rk_YKc-Michel-automation.pub
+|   |   |-- id_ed25519.pub
-│   ├── id_ed25519_sk_rk_YKc-Michel
+|   |   |-- id_ed25519_sk-YKc-Automation-Hollandpark
-│   └── id_ed25519_sk_rk_YKc-Michel.pub
+|   |   `-- id_ed25519_sk-YKc-Automation-Hollandpark.pub
-├── nsas
+|   |-- josephs
-│   ├── id_ecdsa_sk-NSAS
+|   |   |-- id_ed25519_sk-YKc-Automation-Josepfs
-│   ├── id_ecdsa_sk-NSAS.pub
+|   |   `-- id_ed25519_sk-YKc-Automation-Josepfs.pub
-│   ├── id_ed25519_sk_rk_YKc_NSAS
+|   |-- michel
-│   └── id_ed25519_sk_rk_YKc_NSAS.pub
+|   |   |-- id_ecdsa_sk-ndc_YKa-Michel
-├── old
+|   |   |-- id_ecdsa_sk-ndc_YKa-Michel.pub
-│   ├── id_ecdsa_sk
+|   |   |-- id_ed25519-Michel-automation
-│   └── id_ecdsa_sk.pub
+|   |   |-- id_ed25519-Michel-automation.pub
-├── schraubenscholz
+|   |   |-- id_ed25519_sk-ndc_YKc-Michel
-├── sockets
+|   |   |-- id_ed25519_sk-ndc_YKc-Michel.pub
-├── swissbit
+|   |   |-- id_ed25519_sk-rk_YKc-Michel-automation
-│   ├── id_ecdsa_sk-swissbit
+|   |   |-- id_ed25519_sk-rk_YKc-Michel-automation.pub
-│   └── id_ecdsa_sk-swissbit.pub
+|   |   |-- id_ed25519_sk_rk_YKc-Michel
-└── test
+|   |   |-- id_ed25519_sk_rk_YKc-Michel.pub
+|   |   |-- id_rsa_Michel-fallback
+|   |   `-- id_rsa_Michel-fallback.pub
+|   |-- nsas
+|   |   |-- id_ecdsa_sk-NSAS
+|   |   |-- id_ecdsa_sk-NSAS.pub
+|   |   |-- id_ed25519_sk_rk_YKc_NSAS
+|   |   `-- id_ed25519_sk_rk_YKc_NSAS.pub
+|   |-- old
+|   |   |-- id_ecdsa_sk
+|   |   |-- id_ecdsa_sk-NSAS
+|   |   |-- id_ecdsa_sk-NSAS.pub
+|   |   |-- id_ecdsa_sk-swissbit
+|   |   |-- id_ecdsa_sk-swissbit.pub
+|   |   |-- id_ecdsa_sk.pub
+|   |   |-- id_ed25519
+|   |   |-- id_ed25519.pub
+|   |   |-- id_ed25519_nsas
+|   |   `-- id_ed25519_nsas.pub
+|   |-- schraubenscholz
+|   |   |-- id_ed25519_sk-YKc-Automation-Scholz
+|   |   `-- id_ed25519_sk-YKc-Automation-Scholz.pub
+|   |-- swissbit
+|   |   |-- id_ecdsa_sk-swissbit
+|   |   `-- id_ecdsa_sk-swissbit.pub
+|   `-- xecuro
+|       |-- id_ed25519_sk_rk_YKc-xecuro
+|       `-- id_ed25519_sk_rk_YKc-xecuro.pub
+|-- known_hosts
+|-- known_hosts.old
+|-- old
+|   |-- known_hosts
+|   `-- known_hosts.old
+|-- scripts
+|   `-- sshfpgen
+|-- sockets
+`-- test
 </code>
@@ Line 98: / Line 134: @@
 <code>ssh-keygen -t ed25519-sk -O resident -O application=ssh:YKc-Automation-Michel -O user=michel -O no-touch-required -C "Michel Pelzer (Automation)- mp@nsas.de"</code>
 This key requires the presens of the Yubikey, but does not need to be touched. (authorized_keys) need the __no-touch-required__ in front of the public key.
+<file plain ~/.ssh/authorized_keys></file>
 <file plain ~/.ssh/authorized_keys>
-no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw=
+# Michel
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw= Michel Pelzer (Automation)- mp@nsas.de
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEvFa/NonVUOvoRRsx151bAJxjgckXC3sLqUb/kdQP9TAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ2Za0UMRtm+LwEGEmug1QNoBEoV/0xDmCRpAXqsqNfXAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de
+# NSAS
+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDp7SK9FxZJUQW+jz2ciChN7SwT6SdmovhLUlBLzhIkRAAAADHNzaDpZS2MtTlNBUw== NSAS - Network System Access Solutions
+sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBPneb67QG6/Z2BdcCBvZgiXVejD4ZGAAxgEoCx2aSbbegqSj1rSW9m2jkdRnwrQix//JfblvLOG/pXXQZJzPkHcAAAAEc3NoOg== NSAS-U2F
 </file>
+=== Hollandpark ===
 <file plain ~/.ssh/authorized_keys>
-no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw= Michel Pelzer (Automation)
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPqR3iKb9jw9IGHXXFBSPhgVVTy4tUYaQcdYmSFXjuPSAAAAFnNzaDphdXRvbWF0aW9uLm5zYXMuZGU= Michel
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBFXwrER3uMBc0oU5Z7Qklf/yAYJ4c1ng9zvQSNSwfO7 Michel Pelzer (Automation old)
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILgcVrlj1obmOQVHS29DlJttRuKovDbyjzeWjPBgtd0pAAAAEnNzaDpZS2MtS29lbmlnLW5kYw== Danny
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDp7SK9FxZJUQW+jz2ciChN7SwT6SdmovhLUlBLzhIkRAAAADHNzaDpZS2MtTlNBUw== NSAS - Network System Access Solutions
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJtU9G6KM0eWrNBdzuCoFyhPMRsdXHwIzbLyqQIMLwtnAAAAEHNzaDpZS2MtYmFuay1uZGM= Bank
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEvFa/NonVUOvoRRsx151bAJxjgckXC3sLqUb/kdQP9TAAAADnNzaDpZS2MtTWljaGVs ssh:YKc-Michel
+no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIkqDyKEdyAFTL6M9J8/xjMn6MqUzxuw3r7y79Q8DMGHAAAAEHNzaDpZS2MtVGhlby1uZGM= Theo
 </file>
 ===Listing key on a Yubikey===
@@ Line 121: / Line 167: @@
 List <code>ykman --reader yubico oath accounts</code>
 Add <code>ykman --reader yubico oath accounts add "NAME"</code>
+===FIDO2===
+Set Pin<code>ykman fido access change-pin --new-pin 511111</code>
+Change Pin <code>ykman fido access change-pin --pin 123456 --new-pin 511111</code>

User Tools

Site Tools

Differences

Page Tools