SSH is the default method for systems administrators to log into remote Linux systems. Traditionally, are secured with a password. This situation can be improved upon by enforcing a second authentication factor - a Yubikey. After you do this, only someone with both the password and the Yubikey will be able to use the SSH key pair to log into your Linux system.

This guide is a quick start to using a Yubikey with SSH.

You must have SSH version 8.2 or greater on the client (your laptop) and the server (the remote Linux system). You will also need Yubikey firmware of 5.2.3 if you want to use an ed25519-sk key.

You can check your Yubikey’s firmware version with the following command:

    lsusb -v 2>/dev/null | grep -A2 Yubico | grep "bcdDevice" | awk ''

If your version is older then use an ecdsa-sk key.

You will need to configure the SSH server to use the sk (Security Key) that you will create later. Open your SSH server’s configuration in a text editor:

    nano /etc/ssh/sshd_config

Then add this line that includes both of the ed25519-sk and ecdsa-sk keys:

    PubkeyAcceptedKeyTypes

Restart SSH:

    systemctl restart ssh

Use this command to create an ed25519 key pair:

    ssh-keygen -t ed25519-sk

If you get this error

    Key enrollment failed: requested feature not supported

then your Yubikey’s firmware is too old and does not support ed25519-sk keys. Create an ecdsa key pair with the following command:

    ssh-keygen -t ecdsa-sk

This command will place the new key pair into ~/.ssh/ as either: id_ecdsa_sk.pub
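The two version requirements stated in this guide (SSH 8.2 or greater, firmware 5.2.3 for ed25519-sk) can be turned into a preflight check that picks the `ssh-keygen -t` value. This is an added example, not part of the original guide: the function names and sample banners are made up for the illustration, and the firmware version is assumed to be passed in as a dotted string.

```sh
#!/bin/sh
# Added example (not from the original guide): choose the ssh-keygen -t value
# from the two thresholds the guide states.
MIN_OPENSSH=8.2        # guide: SSH 8.2 or greater on client and server
MIN_FW_ED25519=5.2.3   # guide: Yubikey firmware 5.2.3 for ed25519-sk

# version_ge A B: true when dotted version A >= B, compared numerically
# field by field (so 8.10 > 8.2, which a string comparison gets wrong).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# openssh_version BANNER: pull "major.minor" out of `ssh -V` style output.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# choose_key_type BANNER FIRMWARE: print ed25519-sk or ecdsa-sk, or
# "unsupported" (status 1) when OpenSSH is too old or an input cannot be parsed.
choose_key_type() {
    ver=$(openssh_version "$1")
    case $2 in ''|*[!0-9.]*|.*|*.|*..*) echo unsupported; return 1 ;; esac
    if [ -z "$ver" ] || ! version_ge "$ver" "$MIN_OPENSSH"; then
        echo unsupported; return 1
    fi
    if version_ge "$2" "$MIN_FW_ED25519"; then echo ed25519-sk; else echo ecdsa-sk; fi
}

# Constructed sample banners and firmware versions (not captured output).
while IFS='|' read -r banner fw; do
    printf '%-40s fw %-6s -> %s\n' "$banner" "$fw" "$(choose_key_type "$banner" "$fw")"
done <<'EOF'
OpenSSH_8.9p1 Ubuntu-3ubuntu0.6, OpenSSL|5.4.3
OpenSSH_8.2p1|5.1.2
OpenSSH_7.9p1 Debian-10|5.4.3
EOF
# Live use: choose_key_type "$(ssh -V 2>&1)" <firmware version>
```

Run it on both the client and the server, since the guide requires SSH 8.2 or greater on each side; `ssh -V` writes its banner to stderr, hence the `2>&1` in the live-use line.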