macOS (12.1 - Apple Silicon) - SSH Key YubiKey FIDO - id_ecdsa_sk
Securing your SSH keys with a YubiKey has never been easier than it is now. Setting it up only requires a few changes to your OpenSSH installation and publishing your new public keys to your services and servers.
First you need to update your OpenSSH via brew:
brew install openssh
After the installation, change your environment file so that the Homebrew OpenSSH comes first in your PATH:
export PATH="$(brew --prefix openssh)/bin:$PATH"
You can check your SSH version:
ssh -V
On my system this is now:
OpenSSH_8.8p1, OpenSSL 1.1.1m 14 Dec 2021
Now connect the YubiKey to your system and generate the key:
ssh-keygen -t ecdsa-sk -C "$(hostname)-$(date +'%d-%m-%Y')"
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
You may need to touch your authenticator (again) to authorize key generation.
Enter file in which to save the key (/Users/dawdad/.ssh/id_ecdsa_sk): /Users/dawdad/.ssh/id_ecdsa_sk
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /Users/dawdad/.ssh/id_ecdsa_sk_dummy
Your public key has been saved in /Users/dawdad/.ssh/id_ecdsa_sk_dummy.pub
The key fingerprint is:
SHA256:xxxxxxxxxxx notebook.local-10-02-2022
This results in two files under /Users/<username>/.ssh/: the private key file and its .pub public key.
To use the new SSH key for a connection, the YubiKey must be connected to your system. The private key file on disk is only a key handle and cannot sign anything without the hardware token.
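A quick post-setup check for the steps above, as an added example that is not part of the original post: it confirms that the Homebrew OpenSSH directory precedes /usr/bin (where the system ssh lives) in PATH, and that a given .pub file is a hardware-backed "sk" key type. The function names path_prefers, pubkey_is_sk and check_setup are hypothetical helpers.

```shell
#!/bin/sh
# Added example: sanity checks after setting up a FIDO-backed SSH key.
# Helper names are hypothetical, not part of OpenSSH or Homebrew.

# path_prefers PATHSTRING WANTED OTHER
# Succeeds only if WANTED occurs in PATHSTRING before OTHER.
# Fails if OTHER comes first or WANTED is missing entirely.
path_prefers() {
    rest="$1:"
    while [ -n "$rest" ]; do
        dir=${rest%%:*}      # first PATH component
        rest=${rest#*:}      # remainder after the first colon
        if [ "$dir" = "$2" ]; then return 0; fi
        if [ "$dir" = "$3" ]; then return 1; fi
    done
    return 1
}

# pubkey_is_sk LINE
# Succeeds if a one-line OpenSSH public key uses a security-key type.
pubkey_is_sk() {
    case "${1%% *}" in
        sk-ecdsa-sha2-nistp256@openssh.com|sk-ssh-ed25519@openssh.com) return 0 ;;
        *) return 1 ;;
    esac
}

# check_setup PUBFILE
# Runs both checks against the live environment (needs brew installed).
check_setup() {
    brew_bin="$(brew --prefix openssh)/bin"
    if path_prefers "$PATH" "$brew_bin" /usr/bin; then
        echo "ok: $brew_bin precedes /usr/bin in PATH"
    else
        echo "FAIL: system ssh in /usr/bin is found before $brew_bin"
        return 1
    fi
    if pubkey_is_sk "$(head -n 1 "$1")"; then
        echo "ok: $1 is a security-key (sk) public key"
    else
        echo "FAIL: $1 is not a security-key public key"
        return 1
    fi
}

# Only run the live check when a .pub path is given as an argument.
if [ "$#" -gt 0 ]; then check_setup "$1"; fi
```

Save it as a script and pass the path of the generated .pub file as its only argument.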