buzzkillb
Posted April 22, 2021

How to create an SSH key on a Yubikey 5 using GPG on Ubuntu 20.04.

Yubikey 5c https://amzn.to/3dFvg4A
Yubikey 5 nfc https://amzn.to/3gr4UoJ

I am using VM Player as the test subject. Edit the .vmx file if you are using this and add these 3 lines to the end to pass through the Yubikey. Restart vmplayer and pass through.

usb.generic.allowHID = "TRUE"
usb.generic.allowLastHID = "TRUE"
usb.quirks.device0 = "0x1050:0x0407 allow"

Reference: https://www.engineerbetter.com/blog/yubikey-ssh/

I just installed all the yubikey stuff, you can do these 1 by 1 for what you need or just throw them all in.

sudo apt install opensc-pkcs11 yubikey-personalization scdaemon libpam-u2f libpam-yubico yubikey-personalization-gui yubikey-manager

Use GPG agent

# 'EOF' is quoted so $(tty) and $(gpgconf ...) are written to ~/.bashrc as-is and run at each shell start
cat <<'EOF' >> ~/.bashrc
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye
unset SSH_AGENT_PID
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
EOF

then

. ~/.bashrc

To check if the Yubikey is being seen by Ubuntu type

gpg --card-status

If you want to change your pins, this is the command

gpg --change-pin

I would test the steps out before editing pins and messing around with more stuff, let's get to editing

gpg --card-edit
admin
generate

Make off-card backup of encryption key? N

I chose to expire my key in 3 years so I typed 3y

Is this correct? Y

Fill in a name and email address.

Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O

quit

Check your ssh key

ssh-add -L

and it spits the SSH key out

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRELbQ3izu+ckrwPgKTdmck89xrOaSv1Kp0vY1ShWYbjyALOvEL9Okd23bjzCcS3h/0t5R5HZs3Ej0cOpupa/Ls4E6DwFs7hC6bMjSdDu/I0490ONH6LOYWE5T5GCuuPNmMRBVX7mmCAXzUIkBFvimzspAIY+w2pkQ2bk+dOC+IMG70DsDPv54+LBm7IpgWth+wZLppacVYMgpARX38ounHU8pxEOxEodf5Vzx+jCxX7swYBM0Ujw+5+Kg+8c00oWB/6MM1mIdTepqH4hRIkw0AVMhEFqnC/qOrr4aZ9e8Bd5B27sTKwPlmX0oe7Uw46G72MZ6/bLc8qgjjIeIOzUj cardno:000613493497

To move the yubikey to another VM I did the edit vmx file, passed the yubikey through to vmplayer and then

sudo apt install opensc-pkcs11 yubikey-personalization scdaemon libpam-u2f libpam-yubico yubikey-personalization-gui yubikey-manager

Use GPG agent

# 'EOF' is quoted so $(tty) and $(gpgconf ...) are written to ~/.bashrc as-is and run at each shell start
cat <<'EOF' >> ~/.bashrc
export GPG_TTY=$(tty)
gpg-connect-agent updatestartuptty /bye
unset SSH_AGENT_PID
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
EOF

then

. ~/.bashrc

And then check the key

ssh-add -L
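The final check in the post above (running ssh-add -L in each VM) can be scripted; this is an added example, not part of the original post. The function names, the --live switch and the sample listing (placeholder key bodies and card serial) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity checks for the gpg-agent SSH setup from the post.

# True only when SSH_AUTH_SOCK ($1) is non-empty and equals gpg-agent's SSH socket ($2).
agent_socket_ok() {
    [ -n "$1" ] && [ "$1" = "$2" ]
}

# Reads `ssh-add -L` output on stdin and prints "<key type> <card serial>" for
# every key whose comment starts with cardno:. Exits 1 if no such key is listed.
card_keys() {
    awk '$3 ~ /^cardno:./ { sub(/^cardno:/, "", $3); print $1, $3; n++ }
         END { exit (n > 0 ? 0 : 1) }'
}

# Runs both checks against the real agent; call it in each VM with the key attached.
live_check() {
    want=$(gpgconf --list-dirs agent-ssh-socket) || return 2
    agent_socket_ok "${SSH_AUTH_SOCK:-}" "$want" ||
        { echo "SSH_AUTH_SOCK is not the gpg-agent socket ($want)" >&2; return 1; }
    ssh-add -L | card_keys ||
        { echo "agent lists no card-backed key" >&2; return 1; }
}

# Constructed sample of `ssh-add -L` output: one on-disk key and one card key.
# The key bodies and the serial are placeholders, not real values.
SAMPLE='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5PLACEHOLDER user@vm1
ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER cardno:000600000001'

if [ "${1:-}" = "--live" ]; then
    live_check
else
    printf '%s\n' "$SAMPLE" | card_keys
fi
```

Run it with --live in both VMs: the same card serial should be printed in each, and a socket mismatch means ssh is still talking to an agent other than gpg-agent.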
buzzkillb
Posted April 22, 2021

An example of using the public key with Denarius NVS. Add the public key to be more public: go to your Denarius QT Wallet and at the debug console type

name_new ssh:buzzkillb "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRELbQ3izu+ckrwPgKTdmck89xrOaSv1Kp0vY1ShWYbjyALOvEL9Okd23bjzCcS3h/0t5R5HZs3Ej0cOpupa/Ls4E6DwFs7hC6bMjSdDu/I0490ONH6LOYWE5T5GCuuPNmMRBVX7mmCAXzUIkBFvimzspAIY+w2pkQ2bk+dOC+IMG70DsDPv54+LBm7IpgWth+wZLppacVYMgpARX38ounHU8pxEOxEodf5Vzx+jCxX7swYBM0Ujw+5+Kg+8c00oWB/6MM1mIdTepqH4hRIkw0AVMhEFqnC/qOrr4aZ9e8Bd5B27sTKwPlmX0oe7Uw46G72MZ6/bLc8qgjjIeIOzUj cardno:000613493497" 9999