Great Yubikey playlist by you. One and only, and especially this video, helped me understand how to log into my server where several keys are stored. Thanks.
Hey Gian! Your Yubikey playlist has been incredibly helpful - I've learned a lot! Thanks for creating it. Just a quick note: in the video, you mentioned the SSH Private key as a "reference," but it's actually the genuine PRIVATE KEY encrypted with the Yubikey's master key. Also, the SSH Private key isn't stored in the Yubikey; instead, the Yubikey decrypts it when you connect. I noticed this distinction after watching your follow-up videos on resident keys. Adding a note in the description could clarify this for future viewers. Thanks for your great content!
Thanks, following official documentation (developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html) the private key should be stored inside the key.
…
The first file, id_ecdsa_sk, contains a reference to the private key credential stored on the YubiKey. The second file, id_ecdsa_sk.pub, contains the public key.
I adore how well explained these tutorials are. At the moment would it be possible to use other Windows Hello methods to generate a key pair? I tried to use smartphone passkeys and a laptop fingerprint sensor but I wasn't able to generate any public key
I'm not aware of that kind of support. Actually a YubiKey can be used as a passkey (I configured it with GitHub and other accounts), but using a smartphone or fingerprint sensor does not actually require a YubiKey, and those are different forms of passkeys as far as I know.
Thank you for the tutorial. In Linux it works, but on Windows the window to confirm the presence does not open.
Try to upgrade SSH to the latest version. Which version do you have? Also, if you have an RSA key you probably should create a config file to choose the right key.
@codewrecks ssh -V prints out OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3 with Win 11 64-bit
You are using the old version included with the OS. You need to install the new one: github.com/PowerShell/Win32-OpenSSH
@codewrecks thank you, now it's working
@RIPenemie Glad to be useful :), indeed that is the most common error, because Windows changed how SSH was deployed
Hi, friend! Thank you for the video, but I noticed that when you create an authorized_keys file, you do not assign rights to it. By default, the mask of the created files is 022. That is, the user and his group will have read and write access, while other users will only have read access.
Accordingly, at the ssh connection stage, the client will display an error stating that the rights to the authorized_keys file have security problems. It makes sense to mention this! Gracias Señor!
Actually I've tried only on Windows, but yes, you are right, on Linux it is possible that you need to change the permissions of the created file, as you would normally do with an RSA key.
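The permission fix discussed in the two comments above, as an added example that is not part of the video or the thread: a POSIX shell check for group- or other-writable modes on `.ssh` and `authorized_keys` (the condition sshd's `StrictModes` rejects), followed by the usual 700/600 tightening. The function names and the temporary demo directory are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the video or the comments): audit and tighten the
# modes of an .ssh directory and its authorized_keys file.
# Function names are hypothetical; the demo paths are constructed temp paths.

# Print the octal permission bits of a path (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Report each path as OK or LOOSE. LOOSE means the group or other write bit
# is set (mode & 022), which is what sshd's StrictModes check rejects.
# Returns 1 if anything is LOOSE.
audit_ssh_perms() {
    rc=0
    for p in "$1" "$1/authorized_keys"; do
        [ -e "$p" ] || continue
        m=$(mode_of "$p")
        if [ $(( 0$m & 022 )) -ne 0 ]; then
            echo "LOOSE $m $p"; rc=1
        else
            echo "OK    $m $p"
        fi
    done
    return $rc
}

# Set the conventional modes: 700 on the directory, 600 on authorized_keys.
harden_ssh_perms() {
    chmod 700 "$1" || return 1
    [ ! -e "$1/authorized_keys" ] || chmod 600 "$1/authorized_keys"
}

# Demo on a constructed directory; never touches the real ~/.ssh.
demo() {
    d=$(mktemp -d)/.ssh
    mkdir -p "$d" && : > "$d/authorized_keys"
    chmod 775 "$d"; chmod 664 "$d/authorized_keys"   # deliberately loose
    audit_ssh_perms "$d" || echo "-> fixing"
    harden_ssh_perms "$d"
    audit_ssh_perms "$d"
    rm -rf "${d%/.ssh}"
}
demo
```

On a real server, run `audit_ssh_perms "$HOME/.ssh"` as the account that owns the directory; the check covers modes only, not ownership.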
Great video. What's this fake private key format on disk?
It is not a fake key, it refers to the physical key stored in the YubiKey.
Thank you very much. Works great. But I have 2 questions:
Can I use it also in PuTTY?
I have 3 YubiKeys.
How can I configure it so that my clients (2x laptops/1x desktop) can use all 3 YubiKeys?
Maybe you can help me/us.
Thank you.
Actually you can use your keys on any computer you want. When you first create the SSH key you get a private key (that is only a SHIM key that points to the right physical key). You can copy that private key to any computer you want.
You can also create a resident key, where you can extract the SHIM key with a command line tool.
I have not used PuTTY for a long time, but from the official documentation it seems that it has no problem with your yubi: developers.yubico.com/PGP/SSH_authentication/Windows.html
How to configure yubikey to stop asking the user to touch it every time you use the keys?
When you create the SSH key you can use -O no-touch-required. I must be honest, I never tried it because I always like giving a physical confirmation, but that option should disable the requirement for touch.
What if you lose the private key which resides on a machine? Can I still log in to a remote device just by using a private key on my YubiKey? Is there a way to derive the lost key from the private key that resides in the YubiKey?
If you choose a resident key you can extract it with a specific command; check ruclips.net/video/jYb7l7mbhLM/видео.htmlfeature=shared