- Download YubiKey Manager
- Set a FIDO2 PIN under Applications -> FIDO2
- Install the latest OpenSSH:
  ```
  brew install openssh
  ```
- Make sure your shell is using the latest OpenSSH from brew:
  ```
  which ssh-keygen
  ```
- Generate a key:
  ```
  ssh-keygen -t ed25519-sk -O resident -O application=ssh:YourKeyName
  ```
- Make sure to repeat the process on at least 1 other YubiKey
- Copy both public keys to each server you want to log in to
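- Configure git to sign commits with the SSH key:
  ```
  git config --global user.signingkey "~/.ssh/YourPubKey.pub"
  git config --global gpg.format ssh
  git config --global commit.gpgsign true
  ```
- Register the key as an allowed signer so git can verify signatures:
  ```
  echo "EMAIL YourPubKeyContents" > ~/.ssh/allowed_signers
  git config --global gpg.ssh.allowedSignersFile ~/.ssh/allowed_signers
  ```
- Test with a signed empty commit and check the signature:
  ```
  git commit --allow-empty --message="Test SSH sign"
  git show --show-signature
  ```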
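
The steps above put a single key into `allowed_signers`, while the procedure creates keys on at least two YubiKeys. The following added example (not part of the original page) goes one step further and builds one `allowed_signers` line per public key file; the function name `allowed_signers_lines`, the restriction to `sk-ssh-ed25519@openssh.com` keys and the `namespaces="git"` option are choices of this example.

```shell
#!/bin/sh
# Added example: emit allowed_signers lines for one e-mail address from
# several public key files (e.g. primary and backup YubiKey).
#
# Usage:
#   allowed_signers_lines you@example.com ~/.ssh/key1.pub ~/.ssh/key2.pub \
#       > ~/.ssh/allowed_signers
#
# Output format, one line per key:
#   EMAIL namespaces="git" KEYTYPE BASE64
# namespaces="git" limits each key to git signatures (git verifies with
# the "git" namespace), so the entry does not vouch for other uses.
allowed_signers_lines() {
    _email=$1
    [ -n "$_email" ] && [ "$#" -ge 2 ] || {
        echo "usage: allowed_signers_lines EMAIL PUBKEY_FILE..." >&2
        return 2
    }
    shift
    _lines=""
    for _pub in "$@"; do
        [ -r "$_pub" ] || { echo "cannot read $_pub" >&2; return 1; }
        # A .pub file is a single line: KEYTYPE BASE64 [comment]
        _type="" _blob="" _rest=""
        read -r _type _blob _rest < "$_pub" || :
        # Assumption of this example: only FIDO2-backed ed25519-sk keys,
        # as generated by "ssh-keygen -t ed25519-sk", are accepted.
        case $_type in
            sk-ssh-ed25519@openssh.com) ;;
            *) echo "$_pub: not an ed25519-sk key ($_type)" >&2; return 1 ;;
        esac
        [ -n "$_blob" ] || { echo "$_pub: missing key data" >&2; return 1; }
        _lines="${_lines}${_email} namespaces=\"git\" ${_type} ${_blob}
"
    done
    # Print only after every file has passed, so a bad key never leaves
    # a half-written allowed_signers file behind.
    printf '%s' "$_lines"
}
```
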