Yubikey Handbook
Introduction
About the author
Personal Identity Verification (PIV)
Use cases for a PIV-enabled Yubikey
Yubikey PIV Manager
Device initialization
Authenticating SSH with PIV and PKCS#11 (client)
Troubleshooting
Authenticating SSH via User Certificates (server)
Generating the Key Revocation List (KRL)
Authenticating SSH Host Certificates (client)
Additional resources
2FA via Yubico OTP (server)
Setting up a remote server
Prerequisites (demonstration only)
Configuring OpenSSH (sshd) for 2FA authentication
Installing libpam-yubico
Creating the Yubikey PAM authentication policy
Yubikey authentication module
Testing
OATH (TOTP and HOTP)
Using the Yubico Authenticator
U2F (Security Keys)
Docker Content Trust
Key Management
Running Notary services
Configuring Notary
Managing certificates
Additional resources
Pushing a signed Docker image
Generate the root key on the Yubikey
Pushing the image
Listing signed images on a remote repository
Delegation roles
Generating a delegation key
Importing a delegation certificate
Using a delegation key
Automating image signing on CI systems
Removing a delegation key
Rotating a key
Snapshot key
Timestamp key
Targets key
Threshold validation signing
OpenPGP
Touch protection
Enabling touch protection
Importing keys
Editing metadata
Git signing
Signing tags
Verifying tags
Signing commits
Verifying commits
Signing merges
Signing pushes
Authenticating SSH with GPG
Troubleshooting
gpg failed to sign the data
macOS integration
Offline authentication using HMAC-SHA1 Challenge-Response
Configuring HMAC-SHA1 Challenge-Response
Login and keychain authentication
Managing pairing
Powered by
GitBook
Additional resources
Additional resources
How I've set up SSH keys on my Yubikey 4 (so far)
How to Harden SSH with Identities and Certificates
Scalable and secure access with SSH
results matching "
"
No results matching "
"