YubiKey Complete Getting Started Guide!

Have you considered using a YubiKey? In this complete guide, you'll learn everything you need in order to get started with these awesome security keys. We'll go over the differences between the available models, which one you should buy, as well as how to set it up to protect local logon for Linux, macOS, and Windows. In addition, two methods for protecting OpenSSH via YubiKeys are also covered.

Note: Yubico, the makers of the YubiKey, did NOT sponsor this video or have any involvement whatsoever.

*Individual Sections*
00:00 - Intro
02:12 - Section 1: What is a YubiKey?
07:54 - Section 2: Which model should you buy?
13:19 - Section 3: Securing Online Accounts
16:14 - Section 4: Setting up a YubiKey with local macOS user accounts
22:05 - Section 5: Setting up a YubiKey with local Windows user accounts
29:14 - Section 6: Setting up a YubiKey with Desktop Linux
36:53 - Section 7: Securing OpenSSH with a YubiKey (FIDO2 Method)
42:51 - Section 8: Securing OpenSSH with a YubiKey (Non-FIDO2 Method)

*⚠️ DISCLAIMER*
Learn Linux TV provides technical content that will hopefully be helpful to you and teach you something new. However, this content is provided without any warranty (expressed or implied). Learn Linux TV is not responsible for any damages that may arise from any use of this content. Always make sure you have written permission before working with any infrastructure and that you are compliant with all company rules, change control procedures, and local laws.

#Yubikey #Security #Linux
Comments

If you use Linux Mint you need to edit the lightdm file as Linux Mint doesn't use gdm-password. Just follow the same method for making the change and it will work the exact same way. I have been looking for a guide to Yubikeys for over a year. How did I miss this back in April? I love this channel! Subscribed.

nicosilva

Great video on the yubikey, thanks for making it. I could do without the background music though, it's too loud.

Joel-xxpr

I think you saved me. No way this was getting done without your video. Much appreciated!

drewmeister

Thanks for going to all the trouble of making such a thorough Yubikey primer. You ROCK my friend!!

stansmiley

Great video! I just would like to give my point of view as a user and also describe how I use my Yubikeys (not as you do).

I use Yubikeys, but the implementation of FIDO2 is lacking on many websites, and sometimes you can only register one key... I hope the situation will improve in the future.
So, about the Yubikey 5 (the one that I use): OTP has a limit of 20 or 25, so if you have more than that you have to manage multiple Yubikeys or rely on other solutions. About the biometric Yubikey series 5, potential users have to consider the longevity and reliability of the fingerprint reader; personally it's a concern for me, maybe not for other people.
About my usage, I love the OpenPGP support of the Series 5: generating your master keys and subkeys with an expiration date, and burning the subkeys on your Yubikeys.
The private subkeys are on your Yubikeys, and the private master key never touches an online computer and is stored and backed up in different and secure places.
Private subkeys can't be extracted (besides some exploit...). You can configure your key as you want; for example you can set a password, require the user to physically touch your key, and set the number of tries before the Yubikey destroys your subkeys.

OpenPGP is very flexible. You can use it for a password manager, for encrypting email and files, and to log on to your server using SSH (SSH using OpenPGP is more convenient for me; the technique used in the video requires OpenSSH 8.2, and this version isn't yet on every LTS distro since it's quite recent. But FIDO2 is more secure, it's a fact).

I like the fact that I use one public key for everything, that the key never leaves my Yubikeys but that I have the master key, and that I can switch to other devices or tools in the future that support OpenPGP.

So my advice: choose your Yubikey according to your needs, and don't forget to set up your Yubikey. For sensitive use cases, set up your Yubikey on an air-gapped PC using a live distro like Tails, which supports Yubikey out of the box.

Keep in mind that if you don't manage your keys, someone else does it for you..

rittalisa

An additional application for these is PGP encrypted emails. You can load in your private key stubs and then when you send an encrypted email you just touch the key for the email to be encrypted and signed with your private key.

The trick is finding other people who are first of all nerdy enough, and second of all wise enough, to use PGP. I only know one person - me - and so I can only send encrypted emails to myself. But it's a very agreeable secret conversation.

brianhoskins

I've just subscribed & rang the notification bell.
I've read all the replies up to this point.
I, like most everyone else, wish there was no background music.
I've successfully "Smart-Card Enabled" both of my YubiKeys to both of my Macs. The only way I can log into either computer is with my YubiKey/PIN. Login passwords no longer work.
It should be mentioned that High Sierra OS 10.13 is the oldest Mac OS that can be configured to use YubiKeys.
Warm Regards from Reno, Nevada

azclaimjumper

The background music volume changing is kinda jarring. I think it would be better if lower volume and consistent.

dustinphillips

Just received the cheaper security key series (blue one) and it does support NFC. I tested it with my phone. I also think it supports OTP. See the wifi symbol on the key.

terranaudio

The Best intro and workarounds about Yubikey!

mickotec

I've done a little more investigation and going to /etc/pam.d and changing common-auth seems to cover all the login methods at once. Changing the individual files gives finer grained control but for a change that should be ubiquitous common-auth is probably a better place. I don't do ssh so I didn't test that.

If you do decide to change common-auth you will probably want to back out the changes to the specific files such as login, unless you like pressing the Yubikey more than once.

frankenberry
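
The repeated-touch situation described in the comment above (a service file that has its own YubiKey line and also pulls in common-auth) can be found mechanically. This is an added example, not part of the comment or the video; it assumes the key check is Yubico's `pam_u2f` module and Debian/Ubuntu-style `@include` lines, and it runs on a constructed sample tree rather than a real `/etc/pam.d`.

```python
import re
import tempfile
from pathlib import Path

# Assumptions: the YubiKey check is pam_u2f.so and shared stacks are pulled in
# with "@include <file>". This is a static count of auth lines; it does not
# model PAM control flags (e.g. "sufficient" ending the stack early).
U2F = re.compile(r"^\s*auth\s+.*\bpam_u2f\.so\b")
INCLUDE = re.compile(r"^\s*@include\s+(\S+)")

def u2f_prompts(pam_dir, service, stack=()):
    """Count pam_u2f auth lines a service reaches, following @include."""
    path = Path(pam_dir) / service
    if service in stack or not path.is_file():   # include loop or missing file
        return 0
    count = 0
    for line in path.read_text().splitlines():
        line = line.split("#", 1)[0]              # ignore commented-out rules
        if U2F.match(line):
            count += 1
        elif (m := INCLUDE.match(line)):
            count += u2f_prompts(pam_dir, m.group(1), stack + (service,))
    return count

def double_prompt_services(pam_dir):
    """Services whose auth stack would ask for the key more than once."""
    return sorted(p.name for p in Path(pam_dir).iterdir()
                  if p.is_file() and u2f_prompts(pam_dir, p.name) > 1)

def build_sample(root):
    """Write a constructed pam.d tree (sample data, not a real system)."""
    files = {
        "common-auth": "auth required pam_u2f.so\n"
                       "auth [success=1 default=ignore] pam_unix.so nullok\n",
        "login": "auth required pam_u2f.so\n@include common-auth\n",
        "sudo": "@include common-auth\n",
        "lightdm": "# auth required pam_u2f.so\n@include common-auth\n",
    }
    for name, body in files.items():
        (Path(root) / name).write_text(body)
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(double_prompt_services(build_sample(d)))
```

Pointing `double_prompt_services` at a copy of a real `pam.d` directory lists the per-service files whose own line should be backed out once common-auth carries the check.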

Great video. Informative and clear as always. I see plenty of feedback on the background music, but just one additional suggestion:

Consider testing the background music at different playback speeds ahead of time. For those of us who listen on fast playback, some music/tempos develop strange artifacts and become extra distracting at faster playback speed, which might contribute to why some found the music more distracting.

psecretpseudonym

Thanks for the video. What was missing is a backup strategy.

colebq

Gday Jay, firstly I love your content👍🏻 You explain things simple and very easy to follow along. In regards to Yubikey, would you consider doing a tutorial install for Fedora? I have had no luck as the documentation is not easy to follow (for me anyway) or it’s not up to date. Thanks again for your work. 👍🏻

Mrmuso

Thank you for making the Mac login with Yubikey so easy to follow.

mer

Apparently the name has two sources: 1) "Your UBIquitous KEY" and 2) Japanese word "yubi" (指 'finger') to represent touching your YubiKey with your finger to verify your physical presence.

bendono

Probably best Yubikey overview I've found, and I've been reviewing quite a bit of different instructional material. So, thank you for this.

Would be great if you can also create a Yubikey - Veracrypt instructional video as well.

UnBubba

I finally broke down and bought one. Re-watching this to see what I need to do to get this working. Of course this is the first place I go. 😀

act..

Although it doesn't carry the certifications of the HSM, the YubiKey 5 series can also act as an HSM, storing private keys in a way that can't be retrieved (so the YubiKey itself signs certificates, for example). SmallStep use this capability to build a Raspberry Pi-based local certificate authority.

danbrown

I just found out about yubikeys through Tom's video... Did not give this a thought before since using an app to do the 2FA.. Going to order one and a backup one asap.. Seems invaluable these days! Thanks a lot for this great video, very well explained!

JPEaglesandKatz