User Tools

Site Tools

Trace:
wiki:yubikey

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
wiki:yubikey [2023/06/08 18:41] michelwiki:yubikey [2024/03/01 13:56] (current) michel
Line 3: Line 3:
 ====SSH==== ====SSH====
 ===hira==== ===hira====
-<code>.ssh+<code> 
 +.ssh
 |-- authorized_keys |-- authorized_keys
 |-- conf.d |-- conf.d
Line 29: Line 30:
 |   |-- hollandpark |   |-- hollandpark
 |     |-- id_ed25519 |     |-- id_ed25519
-|     `-- id_ed25519.pub+|     |-- id_ed25519.pub 
 +|     |-- id_ed25519_sk-YKc-Automation-Hollandpark 
 +|     `-- id_ed25519_sk-YKc-Automation-Hollandpark.pub
 |   |-- josephs |   |-- josephs
 +|     |-- id_ed25519_sk-YKc-Automation-Josepfs
 +|     `-- id_ed25519_sk-YKc-Automation-Josepfs.pub
 |   |-- michel |   |-- michel
 |     |-- id_ecdsa_sk-ndc_YKa-Michel |     |-- id_ecdsa_sk-ndc_YKa-Michel
Line 61: Line 66:
 |     `-- id_ed25519_nsas.pub |     `-- id_ed25519_nsas.pub
 |   |-- schraubenscholz |   |-- schraubenscholz
-|   `-- swissbit +|     |-- id_ed25519_sk-YKc-Automation-Scholz 
-      |-- id_ecdsa_sk-swissbit +|   |   `-- id_ed25519_sk-YKc-Automation-Scholz.pub 
-      `-- id_ecdsa_sk-swissbit.pub+|   |-- swissbit 
 +  |   |-- id_ecdsa_sk-swissbit 
 +  |   `-- id_ecdsa_sk-swissbit.pub 
 +|   `-- xecuro 
 +|       |-- id_ed25519_sk_rk_YKc-xecuro 
 +|       `-- id_ed25519_sk_rk_YKc-xecuro.pub
 |-- known_hosts |-- known_hosts
 |-- known_hosts.old |-- known_hosts.old
Line 72: Line 82:
 |   `-- sshfpgen |   `-- sshfpgen
 |-- sockets |-- sockets
-|   `-- root@dialin.core.nsas.de:22 
 `-- test `-- test
- 
- 
 </code> </code>
  
Line 127: Line 134:
 <code>ssh-keygen -t ed25519-sk -O resident -O application=ssh:YKc-Automation-Michel -O user=michel -O no-touch-required -C "Michel Pelzer (Automation)- mp@nsas.de"</code> <code>ssh-keygen -t ed25519-sk -O resident -O application=ssh:YKc-Automation-Michel -O user=michel -O no-touch-required -C "Michel Pelzer (Automation)- mp@nsas.de"</code>
 This key requires the presens of the Yubikey, but does not need to be touched. (authorized_keys) need the __no-touch-required__ in front of the public key. This key requires the presens of the Yubikey, but does not need to be touched. (authorized_keys) need the __no-touch-required__ in front of the public key.
 +
 +<file plain ~/.ssh/authorized_keys></file>
  
 <file plain ~/.ssh/authorized_keys> <file plain ~/.ssh/authorized_keys>
 # Michel # Michel
 no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw= Michel Pelzer (Automation)- mp@nsas.de no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw= Michel Pelzer (Automation)- mp@nsas.de
-no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEvFa/NonVUOvoRRsx151bAJxjgckXC3sLqUb/kdQP9TAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de+sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEvFa/NonVUOvoRRsx151bAJxjgckXC3sLqUb/kdQP9TAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de
 sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ2Za0UMRtm+LwEGEmug1QNoBEoV/0xDmCRpAXqsqNfXAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ2Za0UMRtm+LwEGEmug1QNoBEoV/0xDmCRpAXqsqNfXAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de
 # NSAS # NSAS
-sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBPneb67QG6/Z2BdcCBvZgiXVejD4ZGAAxgEoCx2aSbbegqSj1rSW9m2jkdRnwrQix//JfblvLOG/pXXQZJzPkHcAAAAEc3NoOg== NSAS-U2F 
 sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDp7SK9FxZJUQW+jz2ciChN7SwT6SdmovhLUlBLzhIkRAAAADHNzaDpZS2MtTlNBUw== NSAS - Network System Access Solutions sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDp7SK9FxZJUQW+jz2ciChN7SwT6SdmovhLUlBLzhIkRAAAADHNzaDpZS2MtTlNBUw== NSAS - Network System Access Solutions
 +sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBPneb67QG6/Z2BdcCBvZgiXVejD4ZGAAxgEoCx2aSbbegqSj1rSW9m2jkdRnwrQix//JfblvLOG/pXXQZJzPkHcAAAAEc3NoOg== NSAS-U2F
 </file> </file>
  
 +=== Hollandpark ===
 <file plain ~/.ssh/authorized_keys> <file plain ~/.ssh/authorized_keys>
-# Michel +no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIPqR3iKb9jw9IGHXXFBSPhgVVTy4tUYaQcdYmSFXjuPSAAAAFnNzaDphdXRvbWF0aW9uLm5zYXMuZGU= Michel 
-no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEawzv7L8w9eetH03oc8XHuc02gX/MCmr3sUDHH8opKVAAAAGXNzaDpZS2MtQXV0b21hdGlvbi1NaWNoZWw= Michel Pelzer (Automation)- mp@nsas.de +no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAILgcVrlj1obmOQVHS29DlJttRuKovDbyjzeWjPBgtd0pAAAAEnNzaDpZS2MtS29lbmlnLW5kYw== Danny 
-no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEvFa/NonVUOvoRRsx151bAJxjgckXC3sLqUb/kdQP9TAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer mp@nsas.de +no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJtU9G6KM0eWrNBdzuCoFyhPMRsdXHwIzbLyqQIMLwtnAAAAEHNzaDpZS2MtYmFuay1uZGM= Bank 
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJ2Za0UMRtm+LwEGEmug1QNoBEoV/0xDmCRpAXqsqNfXAAAADnNzaDpZS2MtTWljaGVs Michel Pelzer - mp@nsas.de +no-touch-required sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIIkqDyKEdyAFTL6M9J8/xjMn6MqUzxuw3r7y79Q8DMGHAAAAEHNzaDpZS2MtVGhlby1uZGMTheo
-# NSAS +
-sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhLXNoYTItbmlzdHAyNTZAb3BlbnNzaC5jb20AAAAIbmlzdHAyNTYAAABBBPneb67QG6/Z2BdcCBvZgiXVejD4ZGAAxgEoCx2aSbbegqSj1rSW9m2jkdRnwrQix//JfblvLOG/pXXQZJzPkHcAAAAEc3NoOg== NSAS-U2F +
-sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDp7SK9FxZJUQW+jz2ciChN7SwT6SdmovhLUlBLzhIkRAAAADHNzaDpZS2MtTlNBUw== NSAS - Network System Access Solutions+
 </file> </file>
 +
  
 ===Listing key on a Yubikey=== ===Listing key on a Yubikey===
Line 159: Line 167:
 List <code>ykman --reader yubico oath accounts</code> List <code>ykman --reader yubico oath accounts</code>
 Add <code>ykman --reader yubico oath accounts add "NAME"</code> Add <code>ykman --reader yubico oath accounts add "NAME"</code>
 +
 +===FIDO2===
 +Set Pin<code>ykman fido access change-pin --new-pin 511111</code>
 +Change Pin <code>ykman fido access change-pin --pin 123456 --new-pin 511111</code>
  
/dokuwiki/data/attic/wiki/yubikey.1686249713.txt.gz · Last modified: 2023/06/08 18:41 by michel

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Valid HTML5 Valid CSS Driven by DokuWiki