Highly recommended for all node setups!
Download/Install YubiKey software. Required to interface with the YubiKey.
- https://www.yubico.com/support/download/yubikey-manager/
- # Note: With the YubiKey Manager, all unused YubiKey features can be disabled.
- # Also, the pin can be changed, and the pin can be reset (erases all stored keys).
- # Make sure to run software as administrator!
- The OpenSSH software that is (or can be) natively installed on Windows has yet to support YubiKey (as of this writing).
  Yet, a version that does support YubiKey may be downloaded and installed from Microsoft's PowerShell repository:
  https://github.com/PowerShell/Win32-OpenSSH/releases
- # Don't forget to restart the computer!
- # Run as administrator: Windows PowerShell
- Stop-Service -Name sshd # Stop the sshd service
- Set-Service -Name sshd -StartupType Disabled # Disable the sshd service
- # Run as administrator: Windows PowerShell
- mkdir $HOME\.ssh; cd $HOME\.ssh # Create .ssh folder and move to it
- rm $HOME\.ssh\YubiKey*
- "y" | ssh-keygen -t ed25519-sk -O application=ssh:general -O resident -C "# My YubiKey" -f $HOME/.ssh/YubiKey -N '""'
- # Watch for "Windows Security" dialog box (outside the PowerShell window): Create/Enter pin (6 or more digits); "Touch your security key."
- # Run as administrator: Windows PowerShell
- mkdir $HOME\.ssh # There may not be a directory
- cd $HOME\.ssh
- ssh-keygen -K -N '""'
- # Enter pin and "Touch your security key." Note: There's no dialog box this time
- rm YubiKey*
- mv id_ed25519_sk_rk_general_*.pub YubiKey.pub
- mv id_ed25519_sk_rk_general_* YubiKey
- (Get-Content $HOME/.ssh/YubiKey.pub).replace('ssh:general', '# My YubiKey') | Set-Content $HOME/.ssh/YubiKey.pub # Restores original comment
- cat $HOME/.ssh/YubiKey.pub
- Copy the Public Key onto a new line in the file ~/.ssh/authorized_keys
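
A post-setup check for the procedure above, added here as an example and not part of the original page: it confirms that the ssh.exe found on PATH supports the security-key type, that sshd is stopped and disabled, and that YubiKey.pub holds exactly one sk-ssh-ed25519@openssh.com key. It assumes the file names used on this page ($HOME\.ssh\YubiKey and YubiKey.pub).

```powershell
# Added example (not from the original page): post-setup checks for the steps above.
# Assumes the key files are $HOME\.ssh\YubiKey and YubiKey.pub, as created on this page.
$skType = 'sk-ssh-ed25519@openssh.com'   # public key type produced by -t ed25519-sk
$pub    = Join-Path $HOME '.ssh\YubiKey.pub'
$priv   = Join-Path $HOME '.ssh\YubiKey'

# 1. Show which ssh.exe PATH resolves to. If the built-in copy still comes first,
#    the release installed from the Win32-OpenSSH repository is not the one being run.
$ssh = Get-Command ssh.exe -ErrorAction Stop
Write-Host "ssh.exe in use: $($ssh.Source)"

# 2. Confirm this client knows the security-key (FIDO) key type.
if ((& $ssh.Source -Q key) -notcontains $skType) {
    throw "This ssh.exe does not list $skType; it cannot use the YubiKey."
}

# 3. Confirm the sshd service is stopped and disabled, as set earlier on this page.
$svc = Get-Service -Name sshd -ErrorAction SilentlyContinue
if ($svc -and ($svc.Status -ne 'Stopped' -or $svc.StartType -ne 'Disabled')) {
    Write-Warning "sshd is $($svc.Status) with startup type $($svc.StartType)."
}

# 4. Confirm both key files exist and the public key is a single sk-type line.
foreach ($f in $priv, $pub) {
    if (-not (Test-Path $f)) { throw "Missing key file: $f" }
}
$lines = @(Get-Content $pub | Where-Object { $_.Trim() })
if ($lines.Count -ne 1) { throw "$pub should hold exactly one key line." }
$fields = $lines[0] -split '\s+', 3      # type, base64 blob, comment
if ($fields[0] -ne $skType) { throw "Unexpected key type in ${pub}: $($fields[0])" }

# 5. Print the fingerprint to compare with the one shown when the key was created,
#    then the exact line to append to ~/.ssh/authorized_keys on the node.
ssh-keygen -l -f $pub
Write-Host "authorized_keys line:`n$($lines[0])"
```

Run it in the same PowerShell session used for the steps above; any `throw` means the key should not yet be copied to the node.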