Created
December 3, 2019 06:43
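# On Ubuntu/Mint you will need the yubico ppa if you want the Yubico management
# tools
# NB. It appears the yubikey-personalization is no longer maintained by Yubico,
# so at some point may want to remove the yubikey-personalization installed
# applications
#
# Adding a PPA makes apt trust packages signed with that PPA's key, and those
# packages are installed as root, so confirm ppa:yubico/stable is the source
# you intend before running this.
# `sudo -E` asks sudo to preserve the caller's environment for the root command
# (commonly needed for proxy variables); drop -E if you do not rely on that.
# The steps are chained with && so that a failed repository add or index
# refresh stops the install instead of continuing with stale package lists.
sudo -E apt-add-repository -y ppa:yubico/stable &&
  sudo -E apt-get -qy update &&
  sudo -E apt-get -qy install \
    yubikey-personalization-gui \
    yubikey-personalization \
    yubikey-manager-qt \
    yubikey-manager \
    yubioath-desktop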
# Smart-card stack that is required as well: the PC/SC daemon and its tools,
# GnuPG's smart-card daemon, and GnuPG 2 itself.
sudo -E apt-get -q -y install pcscd pcsc-tools scdaemon gnupg2
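# Enforce usage of gpg2, create a symlink
#
# /usr/local/bin normally comes before /usr/bin in PATH, so this link changes
# what `gpg` resolves to for every user on the machine. -f replaces whatever is
# already at /usr/local/bin/gpg, so check that path first if it may hold
# something you installed on purpose.
# The link is only created when the target exists; otherwise a dangling link
# would shadow the system gpg and break every `gpg` call.
if [ -x /usr/bin/gpg2 ]; then
  sudo -E ln -sfn /usr/bin/gpg2 /usr/local/bin/gpg
else
  echo "/usr/bin/gpg2 not found; leaving /usr/local/bin/gpg untouched" >&2
fi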
# Add this to ~/.bashrc (uncommented) so that pinentry prompts on the current
# terminal and ssh talks to gpg-agent instead of ssh-agent
#export GPG_TTY=$(tty)
#gpg-connect-agent updatestartuptty /bye
#unset SSH_AGENT_PID
#export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)
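# Enable GnuPG agents
#
# ~/.gnupg holds private key material, so it is created (if missing) and kept
# at mode 700; gpg warns about unsafe permissions on a more open directory.
mkdir -p "$HOME/.gnupg" && chmod 700 "$HOME/.gnupg"

# Each option is appended only when it is not already present, so an existing
# gpg.conf / gpg-agent.conf keeps its other settings instead of being
# overwritten.
# `use-agent` is accepted but has no effect on GnuPG 2.x, which always uses the
# agent; it is kept here for older configurations.
grep -qxF 'use-agent' "$HOME/.gnupg/gpg.conf" 2>/dev/null ||
  echo 'use-agent' >> "$HOME/.gnupg/gpg.conf"

# `enable-ssh-support` lets gpg-agent serve SSH keys. A gpg-agent that is
# already running has to be restarted before it reads the new option, for
# example with `gpgconf --kill gpg-agent`.
grep -qxF 'enable-ssh-support' "$HOME/.gnupg/gpg-agent.conf" 2>/dev/null ||
  echo 'enable-ssh-support' >> "$HOME/.gnupg/gpg-agent.conf"

echo "GnuPG agents configured"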
# You may like to install a pinentry GUI, as the pinentry-curses CLI tool always
# uses the tty it was started in.
# sudo -E apt-get -qy install pinentry-qt
# Use update-alternatives to select the installed GUI
# sudo -E update-alternatives --config pinentry
# Next Steps
# - SSH Keys
# -- References
# --- https://www.engineerbetter.com/blog/yubikey-ssh/
# --- https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
# --- https://opensource.com/article/19/4/gpg-subkeys-ssh
# --- https://mikebeach.org/2017/09/07/yubikey-gpg-key-for-ssh-authentication/
# -- Generate Key on Yubikey (admin, generate, fetch)
# - 2FA
# -- References
# --- https://www.engineerbetter.com/blog/yubikey-2fa/
# --- https://www.1strategy.com/blog/2018/05/08/lock-down-your-aws-account-with-yubikey/