Menu
A YubiKey is a small hardware device that offers two-factor authentication with a simple touch of a button. It appears like a USB human interface device (read: keyboard) and under normal conditions, when you press the button, it emits some random characters as if you typed them. Unfortunately, while you can use a key to authenticate a macOS system, there is not. The best security key for most people: YubiKey 5 NFC.
![]()
Yubico, a company that makes physical security keys for two-factor authentication, today announced the launch of its Lightning-based YubiKey device that's designed to work with Apple's iPhones and iPads. Yubico has long offered USB-A, USB-C, and NFC-based YubiKey options for PCs, Macs, and mobile devices, but this is the first time that a Lightning-based accessory has been made available. For those unfamiliar with YubiKey, it is a hardware-based two-factor authentication device designed to work with hundreds of services to make your logins more secure. It's often more convenient than software-based two-factor authentication because there's no need to enter a security code - just connect it and tap to authenticate. The new YubiKey 5Ci, which was first introduced in January at CES, features a Lightning port at one end and a USB-C port at the other end, so it works with Apple's latest iOS devices and Macs, with the exception of the iPad Pro, as it is not compatible with the USB-C side at the current time. With the YubiKey 5Ci, users can lock down their 1Password, Bitwarden Idaptive, LastPass, and Okta apps with hardware authentication. At the current time, it also works with the Brave browser for iOS, authenticating logins from sites like Twitter, Login.gov, GitHub, Bitbucket, 1Password, and others. With the 1Password app, for example, you can set up two-factor authentication using the YubiKey to add an additional layer of protection for your 1Password account. This will require both your master password and your physical YubiKey to unlock your vault,
![]()
Setting up ssh public key authentication on macOS using a YubiKey 4I largely followed, but have a few notes to add regarding issues I encountered: Basic setup notes. I used a YubiKey 4, while the blog describes using a YubiKey NEO. I'm sure a YubiKey 5 would also work. I'm also running macOS 10.13.6. I installed as recommended.
However, as I'll note later, it seems that gpg-agent only automatically starts when gpg is used; for ssh, you'll need to ensure it's running. Before generating your keys, decide what key size you want to use. If you run the list command inside gpg -edit-card, look for the Key attributes line to see what is currently selected. On my YubiKey 4, it defaulted to 2048 bits for all keys:Key attributes.: rsa2048 rsa2048 rsa2048These correspond to the signature key, encryption key, and authentication key. (I believe only the authentication key is used for ssh.)Running the key-attr admin subcommand lets you change these: gpg/card key-attrChanging card key attribute for: Signature keyPlease select what kind of key you want:(1) RSA(2) ECCYour selection?
1What keysize do you want? (2048) 4096Changing card key attribute for: Encryption keyPlease select what kind of key you want:(1) RSA(2) ECCYour selection? 1What keysize do you want?
![]()
(2048) 4096Changing card key attribute for: Authentication keyPlease select what kind of key you want:(1) RSA(2) ECCYour selection? 1What keysize do you want?
(2048) 4096gpg/card list.Key attributes.: rsa4096 rsa4096 rsa4096.(Note that the OpenPGP applet only works with RSA, not ECC, so don't choose that.). After generating keys, ssh-add -L may not initially show anything. Export GPGTTY= ' $(tty ) ' export SSHAUTHSOCK= $(gpgconf -list-dirs agent-ssh-socket )gpgconf -launch gpg-agent(This is taken from @drduh's.)After updating this, launch a new shell, and ssh-add -L should now show you your public key, and you can follow the rest of the directions provided.
![]() Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |