Thank u very much. Works great. But i have 2 questions Can i use it also in Putty? I have 3 Yubikeys. How can i configure it that my Clients (2x Laptops/1x Desktop) can use all 3 yubikeys? Maybe u can help me/us Thank u.
Actually you can use your keys on any computer you want. When you first create the SSH key you get a private key (that is only a SHIM key that points to the right physical key). You can copy that private key on any computer you want. You can also create resident key, where you can extract the SHIM key with command line tool. I do not use putty from long time but from official documentation it seems that it has no problem with your yubi: developers.yubico.com/PGP/SSH_authentication/Windows.html
Hey Gian! Your Yubikey playlist has been incredibly helpful-I've learned a lot! Thanks for creating it. Just a quick note: in the video, you mentioned the SSH Private key as a "reference," but it's actually the genuine PRIVATE KEY encrypted with the Yubikey's master key. Also, the SSH Private key isn't stored in the Yubikey; instead, the Yubikey decrypts it when you connect. I noticed this distinction after watching your follow-up videos on resident keys. Adding a note in the description could clarify this for future viewers. Thanks for your great content!
Thanks, following official documentation (developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html) the private key should be stored inside the key. … The first file, id_ecdsa_sk, contains a reference to the private key credential stored on the YubiKey. The second file ,id_ecdsa_sk.pub, contains the public key
when you create the SSH key you can use -O no-touch-required, I must be honest, never tried because I always like giving a physical confirmation, but that option should disable the requirement for touch.
Tro to upgrade SSH to the latest version, which version do you have? Also if you have a RSA key you probably should create a config file to choose the right key
Hi, friend! Thank you for the video, but I noticed that when you create an authorized_keys file, you do not assign rights to it. By default, the mask of the created files is 022. That is, the user and his group will have read and write access, while other users will only have read access. Accordingly, at the ssh connection stage, the client will display an error stating that the rights to the authorized_keys file have security problems. It makes sense to mention this! Gracias Señor!
Actually I've tried only on Windows, but yes, you are right, in linux is possible that you need to change permission to created file, as you would normally do with an RSA key.
What if you lose the private key which resides on a machine? can I still log in to a remote device just by using a private key on my YubiKey? Is there a way to derive the lost key from the private key that resides in YubiKey?
If you choose resident key you can extract with a specific command check ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-jYb7l7mbhLM.htmlfeature=shared
I adore how well explained these tutorials are. At the moment would it be possible to use other Windows Hello methods to generate a key pair? I tried to use smartphone passkeys and a laptop fingerprint sensor but I wasn't able to generate any public key
I'm not aware of that kind of support. Actually yubikey can be used as a passkey (I configured with GitHub and other account), but using smartphone or fingerprint sensor does not actually require a Yubikey and are differnent form of passkeys as far as I know.
