Last active
October 17, 2025 22:31
-
-
Save lattice0/d80de5bebb46f6afc307c4f00ee547f0 to your computer and use it in GitHub Desktop.
yubikey SSH simple guide for SSH resident keys
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To generate: | |
| ``` | |
| ssh-keygen -t ed25519-sk -O resident -O verify-required -C "0000000" | |
| ``` | |
| And if you move computers, in the new one just run | |
| ``` | |
| ssh-keygen -K | |
| ``` | |
| which will load the secret key ID (not the actual secret key) from the yubikey and place on the .ssh folder. | |
| # To use: | |
| ``` | |
| sudo apt install -y gnupg2 gnupg-agent scdaemon pcscd yubikey-manager | |
| ``` | |
| ``` | |
| gpg --card-status | |
| ``` | |
| Add this to your shell profile (~/.bashrc, ~/.zshrc, etc.): | |
| ``` | |
| export GPG_TTY=$(tty) | |
| export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) | |
| gpgconf --launch gpg-agent | |
| ``` | |
| Then reload your shell or run: | |
| ``` | |
| source ~/.bashrc # or ~/.zshrc | |
| ``` |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment