@oldsj
Created January 4, 2023 16:11
YubiKey SSH + Git Signing

SSH

  1. Download YubiKey Manager
  2. Set a FIDO2 PIN under Applications -> FIDO2
  3. Install the latest openssh: `brew install openssh`
  4. Make sure your shell is using the latest openssh from brew: `which ssh-keygen`
  5. Generate a key: `ssh-keygen -t ed25519-sk -O resident -O application=ssh:YourKeyName`
  6. Make sure to repeat the process on at least 1 other YubiKey
  7. Copy both public keys to each server you want to log in to

Signing git commits

  1. `git config --global user.signingkey "~/.ssh/YourPubKey.pub"`
  2. `git config --global gpg.format ssh`
  3. `git config --global commit.gpgsign true`
  4. `echo "EMAIL YourPubKeyContents" > ~/.ssh/allowed_signers`
  5. `git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers`

Test

  1. `git commit --allow-empty --message="Test SSH sign"`
  2. `git show --show-signature`
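Step 4 of the signing section writes a single-line `allowed_signers` file by hand, but the SSH section asks you to enroll at least two YubiKeys, so git needs one entry per key. The script below is an added example (not part of this gist) that builds the file from any number of `.pub` files: it drops the comment field of each public key, accepts only FIDO (`sk-*`) key types so a plain software key cannot slip in, and restricts each entry with the `namespaces="git"` option from the ssh-keygen ALLOWED SIGNERS format so the key is trusted for git signatures only. The e-mail address, file names and key material are constructed placeholders.

```shell
#!/bin/sh
# Added example: generate ~/.ssh/allowed_signers entries for several YubiKey
# SSH keys. All key data and addresses below are constructed placeholders.

# Print one allowed_signers line for a public-key line, in the form
#   <principal> namespaces="git" <key-type> <base64-key>
# The trailing comment of the .pub line is discarded; the namespaces option
# limits the key to git signing so it cannot be used for other SSH purposes.
allowed_signer_entry() {
    signer_principal=$1
    pubkey_line=$2
    set -- $pubkey_line          # word-split into: type, base64 key, comment
    key_type=$1
    key_data=$2
    case "$key_type" in
        # Key types produced by ssh-keygen -t ed25519-sk / -t ecdsa-sk
        sk-ssh-ed25519@openssh.com|sk-ecdsa-sha2-nistp256@openssh.com) ;;
        *) echo "refusing non-FIDO key type: '$key_type'" >&2; return 1 ;;
    esac
    [ -n "$key_data" ] || { echo "missing key data in public key line" >&2; return 1; }
    printf '%s namespaces="git" %s %s\n' "$signer_principal" "$key_type" "$key_data"
}

# Emit one entry per .pub file, all bound to the same principal (your git e-mail).
# Usage: build_allowed_signers you@example.com ~/.ssh/key_a.pub ~/.ssh/key_b.pub
build_allowed_signers() {
    signer=$1
    shift
    for pubfile in "$@"; do
        first_line=$(head -n 1 "$pubfile") || return 1
        allowed_signer_entry "$signer" "$first_line" || return 1
    done
}

# When run as a script with arguments, write the entries to stdout, e.g.
#   sh allowed_signers.sh you@example.com ~/.ssh/*.pub > ~/.ssh/allowed_signers
# then point git at the file as in the gist:
#   git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
if [ "$#" -gt 0 ]; then
    build_allowed_signers "$@"
fi
```

After regenerating the file, `git show --show-signature` should report a good signature for commits made with either key; a commit signed with a key that is not in the file is reported as unverifiable, which is the check you want when a YubiKey is lost or retired.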