Configuring SSH FIDO U2F Authentication with YubiKey

Forum post write up

How To Generate Ed25519 SSH Keys, Install Them, and Configure Secure Passwordless Authentication

LearnLinuxTV YubiKey Video

CVE-2021-3011

⏱️ Timestamps ⏱️
00:00 FIDO2 SSH Yubikey
01:10 Check SSH Version & Yubikey Version
02:40 install libfido2-dev
03:18 Generating ed25519-sk keys
05:36 Installing & Using the Keys
07:00 Cloning Keys?
#FidoU2F #Yubikey #SSH
Comments

“Feel free to flame me in the comments for doing things as root” - now that’s a seasoned YouTuber who knows their audience well! Great video once again, Tom!

cloudcultdev

Good video, sir! I use the USB-C version for my phone & laptops. These things are amazing & durable too!!

JasonsLabVideos

I really enjoy your videos, technical enough to make things happen with simple enough explanations that I can understand what is going on.


Thanks again!

daveemmons

Thanks for the info - this is very sensible and simple nowadays.
only thing that stops me from using yubikey for constant auth is needing to plug in the device :P
need to get a cable to move the USB ports closer to my keyboard

NicholasOrr

A good idea to get two keys since some sites that use FIDO2 only support another key as the backup login method. (or their other backup is "less than secure")

omfghaiu

Tom – thanks for the video. I think you will want to encourage viewers to use pass phrases with their hardware keys. It’s a lot easier to steal a hardware device than a passphrase, and if somebody has the device to get into your servers, they will be very glad that you did not protect it with a passphrase.

bobtatar

Thanks for the video. Can I use yubikey with Radius server in pfsense?

steinerviana

Fantastic video. Can you do the same thing with PF sense? You do a video that shows Just working with PFSENSE

BrianThomas

I am kind of late 😂…. But how do I configure multiple YubiKeys (main+backups)? I just have to generate one ssh key for each u2f key with a different name and that's all?

austin

What if I lost the key on the client host? Is there a way to generate it back using just the hardware key?

bardus_hobus

Does this work with nested ssh sessions? I usually ssh from my windows machine into my pop-os vm, and from there I can run tmux and ssh into my other linux servers.

jacobhenriksen

Lawrence. Big fan of the content. Regarding the advice "get a second key and store it in a safe deposit box" how does that work? You can't enroll the second key as a backup for a service if its locked up at a remote location. To me the second key just becomes stale from the second you enroll the first key in another service. Am I missing something?

craigstone

Thank you for putting this video together. I do have one question about the ssh-keygen command. Does this command overwrite anything on the YubiKey? The reason for the question is that I have an existing YubiKey that I’m using for FIDO2 and I don’t want to break it.🙂

jessedyson

This method is very effective for security devices and even web page. Personally I like to use Google Authentication or Microsoft Authentication app on my phone, this way I don't have to carry e, tea items. Lawrence, do you know any good software that can integrate Authentication app with ssh or OpenVPN?

simons

Would it be possible to create a kind of security token from a standard thumb drive?
Sure, you can mount your thumb drive, which contains your key, on your ~/.ssh folder, but is there another trick to combine both the "private key" and "thumb drive resident" parts of the authentication?

philippe_demartin

It would be nice to have a way to do this with a USB drive in some way, but I know that's not possible because the electronics are required; maybe a raspberry pi zero or pico could do the job and then you would also have even more 'playing around' space for interesting 'active encryption response'. (just brainstorming ideas)

CaptZenPetabyte

Can I use multiple ed25519-sk with the same Yubikey? Will it override the previous keys?

danimoosakhan

Is there any practical difference between ecdsa-sk and ed25519-sk in this application? I can get ecdsa-sk to work with my hardware key but so far have been unsuccessful with ed25519-sk.

shaung

Don't these have to send a request to the Yubikey's servers each time an auth attempt is made?

aasd