Jump to content

Yubikey - Manjaro - SSH Keys


Recommended Posts

I am using a yubikey 5 for this and Manjaro KDE distro. Amazon has same day delivery https://amzn.to/338KYgF

slightly different but basically the same as official arch install, except I took out assuming the -m and $MK PIV application's 24-byte management key part as it didn't work for me when generating the self signed certificate.

#install yubikey manager

sudo pacman -S yubikey-manager yubikey-manager-qt

#plug in yubikey and verify it can be seen

ykman list

#generate key

ykman piv generate-key -a RSA2048 9a pubkey.pem

#generate self signed certificate

ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem

#install opensc package

sudo pacman -S opensc

#configure ssh to use opensc library

nano ~/.ssh/config

#enter single line below, save and exit

PKCS11Provider /usr/lib/opensc-pkcs11.so

#convert public-key to standard openssh format

ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt

#cat pubkey.txt to see your public key. example can copy and paste the public key into scaleway credentials

cat pubkey.txt

#or another way to get the public key onto your server

cat ~/pubkey.txt | ssh user@hostname 'cat >> .ssh/authorized_keys'

now when you ssh into your server, plug in your yubikey and you will be asked for a pin at the login prompt


ssh [email protected]

and you will now be prompted for the yubikey pin to access your server


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...