I bought a YubiKey now What: Basic SSH with your yubikey

  • Published on 8 Sep 2024

Comments • 22

  • @craconia 3 months ago +1

    Hey Gian! Your Yubikey playlist has been incredibly helpful - I've learned a lot! Thanks for creating it. Just a quick note: in the video, you mentioned the SSH Private key as a "reference," but it's actually the genuine PRIVATE KEY encrypted with the Yubikey's master key. Also, the SSH Private key isn't stored in the Yubikey; instead, the Yubikey decrypts it when you connect. I noticed this distinction after watching your follow-up videos on resident keys. Adding a note in the description could clarify this for future viewers. Thanks for your great content!

    • @codewrecks 3 months ago

      Thanks, following official documentation (developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html) the private key should be stored inside the key.

      The first file, id_ecdsa_sk, contains a reference to the private key credential stored on the YubiKey. The second file, id_ecdsa_sk.pub, contains the public key.

  • @michelefesta8328 9 months ago

    I adore how well explained these tutorials are. At the moment would it be possible to use other Windows Hello methods to generate a key pair? I tried to use smartphone passkeys and a laptop fingerprint sensor but I wasn't able to generate any public key

    • @codewrecks 9 months ago +1

      I'm not aware of that kind of support. Actually a YubiKey can be used as a passkey (I configured it with GitHub and other accounts), but using a smartphone or fingerprint sensor does not actually require a YubiKey, and those are a different form of passkeys as far as I know.

  • @RIPenemie 10 months ago +1

    Thank you for the tutorial. In Linux it works, but on Windows the window to confirm the presence does not open.

    • @codewrecks 10 months ago +1

      Try to upgrade SSH to the latest version. Which version do you have? Also, if you have an RSA key you probably should create a config file to choose the right key.

    • @RIPenemie 10 months ago +1

      @codewrecks ssh -V prints out OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3 with Win 11 64bit

    • @codewrecks 10 months ago

      You are using the old version included with the OS. You need to install the new one: github.com/PowerShell/Win32-OpenSSH

    • @RIPenemie 10 months ago +1

      @codewrecks thank you, now it's working

    • @codewrecks 10 months ago

      @RIPenemie Glad to be useful :), indeed that is the most common error, because Windows changed how SSH was deployed.

  • @alexanderclara3406 3 months ago

    Thank u very much. Works great. But I have 2 questions:
    Can I use it also in PuTTY?
    I have 3 Yubikeys.
    How can I configure it so that my clients (2x laptops/1x desktop) can use all 3 Yubikeys?
    Maybe u can help me/us.
    Thank u.

    • @codewrecks 3 months ago

      Actually you can use your keys on any computer you want. When you first create the SSH key you get a private key (that is only a SHIM key that points to the right physical key). You can copy that private key to any computer you want.
      You can also create a resident key, where you can extract the SHIM key with a command line tool.
      I have not used PuTTY for a long time, but from the official documentation it seems that it has no problem with your Yubi: developers.yubico.com/PGP/SSH_authentication/Windows.html

  • @KOTZLOVRED 9 months ago

    Hi, friend! Thank you for the video, but I noticed that when you create an authorized_keys file, you do not assign rights to it. By default, the mask of the created files is 022. That is, the user and his group will have read and write access, while other users will only have read access.
    Accordingly, at the ssh connection stage, the client will display an error stating that the rights to the authorized_keys file have security problems. It makes sense to mention this! Gracias Señor!

    • @codewrecks 9 months ago

      Actually I've tried only on Windows, but yes, you are right, on Linux it is possible that you need to change the permissions of the created file, as you would normally do with an RSA key.
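
A check modelled on what sshd does when StrictModes is on (the default): it refuses authorized_keys if the file, ~/.ssh or the home directory is writable by group or others, or is owned by someone other than the user or root. This is an added example for Unix-like hosts, not part of the original thread; the function names and the throwaway home directory are constructed for the demo.

```python
import os
import stat
import tempfile

def strictmodes_problems(home, uid=None):
    """Report paths that are group/world writable or owned by another user."""
    uid = os.getuid() if uid is None else uid
    ssh_dir = os.path.join(home, ".ssh")
    problems = []
    for path in (home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")):
        st = os.stat(path)
        if st.st_uid not in (0, uid):
            problems.append(f"{path}: owned by uid {st.st_uid}")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{path}: mode {mode:04o} is group/world writable")
    return problems

def harden(home):
    """Apply the conventional modes: 700 on ~/.ssh, 600 on authorized_keys."""
    ssh_dir = os.path.join(home, ".ssh")
    os.chmod(ssh_dir, 0o700)
    os.chmod(os.path.join(ssh_dir, "authorized_keys"), 0o600)

def demo():
    """Build a throwaway home with loose modes, check it, fix it, re-check."""
    with tempfile.TemporaryDirectory() as home:
        ssh_dir = os.path.join(home, ".ssh")
        keys = os.path.join(ssh_dir, "authorized_keys")
        os.mkdir(ssh_dir)
        with open(keys, "w") as fh:  # constructed entry, not a real public key
            fh.write("sk-ssh-ed25519@openssh.com AAAA...constructed user@host\n")
        os.chmod(ssh_dir, 0o775)
        os.chmod(keys, 0o664)
        before = strictmodes_problems(home)
        harden(home)
        return before, strictmodes_problems(home)
```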

  • @benjaminshtark5977 months ago

    How to configure the YubiKey to stop asking the user to touch it every time you use the keys?

    • @codewrecks months ago

      When you create the SSH key you can use -O no-touch-required. I must be honest, I never tried it because I always like giving a physical confirmation, but that option should disable the requirement for touch.

  • @Ninjah2ultimateyessir months ago

    How to add a second YubiKey to ssh so you have a backup?

    • @codewrecks months ago

      You will create another key on another YubiKey; you need to configure both public keys on the remote machines. This is needed because FIDO2 SSH keys have the private key stored inside your YubiKey, and it cannot be exported.

  • @yark618 a year ago +1

    Great video. What’s this fake private key format on disk?

    • @codewrecks a year ago +1

      It is not a fake key, it refers to the physical key stored in YubiKey.
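
The on-disk format this thread asks about, as an added example (not from the video or from Yubico's documentation): per OpenSSH's PROTOCOL.u2f, the private key file of a FIDO key carries the public key, the application string, a flags byte and a key handle. `build_sample` produces a constructed file filled with dummy bytes, and the flag labels are this example's own names.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\0"
FLAGS = {0x01: "touch-required", 0x04: "verify-required", 0x20: "resident"}

def _string(buf, off):
    """Read one SSH 'string': uint32 big-endian length, then that many bytes."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated key file")
    return buf[off + 4:off + 4 + n], off + 4 + n

def parse_sk_key(text):
    """Return the fields of an unencrypted *-sk OpenSSH private key file."""
    lines = [l.strip() for l in text.splitlines()]
    buf = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    if not buf.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 file")
    cipher, off = _string(buf, len(MAGIC))
    for _ in range(2):                       # kdfname, kdfoptions
        _, off = _string(buf, off)
    _, off = _string(buf, off + 4)           # skip key count, then public blob
    priv, _ = _string(buf, off)
    if cipher != b"none":
        raise ValueError("passphrase-protected file: private section is encrypted")
    ktype, p = _string(priv, 8)              # skip the two check integers
    if ktype == b"sk-ecdsa-sha2-nistp256@openssh.com":
        _, p = _string(priv, p)              # curve name precedes the point
    elif ktype != b"sk-ssh-ed25519@openssh.com":
        raise ValueError("not a FIDO (-sk) key: " + ktype.decode())
    pub, p = _string(priv, p)
    app, p = _string(priv, p)
    flags = priv[p]
    handle, _ = _string(priv, p + 1)
    return {"type": ktype.decode(), "application": app.decode(),
            "flags": sorted(n for bit, n in FLAGS.items() if flags & bit),
            "public_len": len(pub), "key_handle_len": len(handle)}

def build_sample(flags=0x01):
    """Constructed sample file holding dummy bytes, not a real credential."""
    s = lambda b: struct.pack(">I", len(b)) + b
    kt, pk = b"sk-ssh-ed25519@openssh.com", b"\xaa" * 32
    priv = (b"\x11\x22\x33\x44" * 2 + s(kt) + s(pk) + s(b"ssh:") + bytes([flags])
            + s(b"\xbb" * 64) + s(b"") + s(b"constructed"))
    priv += bytes(range(1, 1 + (-len(priv) % 8)))    # 1,2,3... padding
    blob = (MAGIC + s(b"none") * 2 + s(b"") + struct.pack(">I", 1)
            + s(s(kt) + s(pk) + s(b"ssh:")) + s(priv))
    body = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{body}\n-----END OPENSSH PRIVATE KEY-----\n"
```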

  • @danimoosakhan 9 months ago

    What if you lose the private key which resides on a machine? Can I still log in to a remote device just by using a private key on my YubiKey? Is there a way to derive the lost key from the private key that resides in YubiKey?

    • @codewrecks 9 months ago

      If you choose a resident key you can extract it with a specific command, check th-cam.com/video/jYb7l7mbhLM/w-d-xo.htmlfeature=shared