
>SSH key storage needs more info I think. I am using SSH enough that this '...can also do SSH...' would want to be the main topic.

Different audiences, I think - this article doesn't go into technical details that often besides mentioning various protocols and what they do. Using a Yubikey for SSH (either via GPG or X.509 certs) is significantly more involved than using one for U2F/FIDO2.

There's a pretty in-depth guide here on using one as a GPG smartcard with SSH (that's what I do): https://zeos.ca/post/2018/gpg-yubikey5/



There's also DrDuh's pretty comprehensive guide: https://github.com/drduh/YubiKey-Guide


For bonus points, you can also sign your Git commits.


Yup! And it's simple enough to do this automatically by just putting this in your gitconfig:

    [user]
        signingkey = <your GPG fingerprint here>
    [commit]
        gpgsign = true


You don't need signingkey if you have a GPG key with the same email as your git user.email (I guess that's the majority of cases).



