buzzkillb Posted November 2, 2019 Report Share Posted November 2, 2019 I am using a yubikey 5 for this and Manjaro KDE distro. Amazon has same day delivery https://amzn.to/338KYgF slightly different but basically the same as official arch install, except I took out assuming the -m and $MK PIV application's 24-byte management key part as it didn't work for me when generating the self signed certificate.https://wiki.archlinux.org/index.php/YubiKey#Using_a_YubiKey_with_SSH #install yubikey manager sudo pacman -S yubikey-manager yubikey-manager-qt #plug in yubikey and verify it can be seen ykman list #generate key ykman piv generate-key -a RSA2048 9a pubkey.pem #generate self signed certificate ykman piv generate-certificate -d 1826 -s "SSH Key" 9a pubkey.pem #install opensc package sudo pacman -S opensc #configure ssh to use opensc library nano ~/.ssh/config #enter single line below, save and exit PKCS11Provider /usr/lib/opensc-pkcs11.so #convert public-key to standard openssh format ssh-keygen -i -m PKCS8 -f pubkey.pem > pubkey.txt #cat pubkey.txt to see your public key. example can copy and paste the public key into scaleway credentials cat pubkey.txt #or another way to get the public key onto your server cat ~/pubkey.txt | ssh user@hostname 'cat >> .ssh/authorized_keys' now when you ssh into your server, plug in your yubikey and you will be asked for a pin at the login prompt example ssh [email protected] and you will now be prompted for the yubikey pin to access your server Quote Link to comment Share on other sites More sharing options...
buzzkillb Posted November 5, 2019 Author Report Share Posted November 5, 2019 need to start these services sudo systemctl start pcscd.service sudo systemctl start pcscd.socket  Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.