I have wanted to use my Yubikeys for a secure SSH login for some time now. But like @jgoerzen, I have come across many incorrect, poorly explained and inadequately explained instructions. It looks like John has now written the ultimate guide for #SSH with #FIDO2/U2F hardware keys that beats all other guides I know of.

https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/

Easily Using SSH with FIDO2/U2F Hardware Security Keys

A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka WebAuthn aka Passkey; yes it’s a mess). So does OpenSSH. This spells good news for us, because it is far easier to use than previous hardware security types (e.g., PKCS#11 and OpenPGP) with ssh. A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.
