yubikey-manager
yubikey-agent
yubikey-manager | yubikey-agent | |
---|---|---|
8 | 15 | |
817 | 2,575 | |
1.7% | - | |
9.0 | 0.0 | |
15 days ago | 5 months ago | |
Python | Go | |
BSD 2-clause "Simplified" License | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
yubikey-manager
- Discord Rolled Out Yubikeys for All Employees
- Regarding Yubikey
-
Yubico - YubiKey 5C NFC // Does it work on Manjaro ? Also Any feedbacks on this ?
You'll probably want at least the yubico authenticator and manager apps / tools e.g. https://www.yubico.com/products/yubico-authenticator/ https://github.com/Yubico/yubioath-flutter/releases/tag/6.1.0 https://github.com/Yubico/yubikey-manager
-
How to always require a pin with Yubikey?
There is an alwaysUV option that was added to CTAP2 recently, but I think it's only the YubiKey BIO that implements it at the moment. There is an open issue to make the setting configurable in YubiKey Manager (which would presumably also tell you whether your YubiKey model supports it), but as of right now you would need the lower-level python-fido2 library to do it.
-
Using Yubikey with Chromebook
This any help? https://github.com/Yubico/yubikey-manager/issues/464
- Will Yubico Authenticator replace YubiKey Manager?
- How to Store an SSH Key on a Yubikey
-
Installed Linux (Mint Cinnamon) for the first time yesterday. Need help!
you can search for programs using whereis before running them. also it might be called something different that is why I said try the TAB autocompletion. according to their github the command is called ykman. it's a command line utility only, meaning, don't expect to see a graphical window unfortunately. there is a documentation on their site but I suggest to NOT follow it for installing as it is quite outdated (ubuntu 10.04). go to their github page I linked and follow the instructions there. can't help more as I don't use it.
yubikey-agent
-
Show HN: SSH-tpm-agent – SSH agent for TPMs
This is a great idea. I now exclusively use SSH keys on hardware security modules of some kind. I use "Secretive", a mac app that does the same, plus a yubikey using yubikey-agent (https://github.com/FiloSottile/yubikey-agent; there are too many complicated ways to use SSH keys with a yubikey this is one of the friendliest ones). Depending on the security and frequency of which I access the service impacts whether I need presence confirmation or use secretive versus the yubikey.
I would be remiss to mention there are existing SSH TPM projects, not sure how this one differentiates. It seems to at least have the user experience pretty simple, similar to yubikey-agent (and secretive), and unlike some of the existing solutions which have quite a few extra steps:
-
Secretive: Store SSH Keys in the Secure Enclave
Also check out https://github.com/FiloSottile/yubikey-agent which simplifies the setup quite a bit.
-
Yubikey ssh keys with Ansible, wants to be touched constantly
I'm using it on nixOS and macOS, via Nix Packages and Homebrew respectively. It's this - https://github.com/FiloSottile/yubikey-agent I'm realizing from this thread that it's not an official package. I'll go closer to the source with ykman. Thanks!
-
Is it possible to use AGE with a Ledger hardware device?
I think the Ledger Manager only interfaces with the GPG and SSH agents, neither of which age take advantage of. But age does have support for Yubikeys (see https://github.com/FiloSottile/yubikey-agent). If you can interface with the Ledger hardware device as a Yubikey, this might work. I don't have experience here, just a thought.
-
Cloudflare Hardware Keys (Yubico Partnership)
You can use PIV for SSH just fine.
It's not OpenSSH's weird FIDO mode, but I don't like the FIDO mode anyway because it requires storing a file on the computer.
https://github.com/FiloSottile/yubikey-agent
-
Am I the only one who's nervous when SSH-agent forwarding?
I have the same concern. I modified Pageant (Windows agent) so that it prompts me before signing anything which helps ease my mind, I only approve when I know I'm connecting to a new server. There are also options like requiring a Yubikey too (https://github.com/FiloSottile/yubikey-agent)
-
Failed to fetch key with ECDSA keys via libykcs11.dll
Aging MBP, Intel based, Monterey 12.3.1 uname -v Darwin Kernel Version 21.4.0: Fri Mar 18 00:45:05 PDT 2022; root:xnu-8020.101.4~15/RELEASE_X86_64 brew info yubikey-agent yubikey-agent: stable 0.1.5 (bottled), HEAD Seamless ssh-agent for YubiKeys and other PIV tokens https://filippo.io/yubikey-agent /usr/local/Cellar/yubikey-agent/0.1.5 (7 files, 4.8MB) * ...
-
How to Store an SSH Key on a Yubikey
Unless I've missed something, SSH keys stored on Yubikeys are still hampered because you aren't allowed to a touch policy of "touch never".
Imagine needing to touch the Yubikey with each "git pull" or using Ansible to operate over SSH on a dozen servers in parallel, and needing to touch the Yubikey once for each server.
The feature request I'm tracking is here: https://github.com/FiloSottile/yubikey-agent/issues/95
The proposed feature would allow setting a touch policy for the SSH key.
- FreeBSD SSH Hardening
-
Yubikey PIV encrypted messaging system
If you can do ssh, you can sign messages: https://github.com/FiloSottile/yubikey-agent
What are some alternatives?
python-fido2 - Provides library functionality for FIDO 2.0, including communication with a device over USB.
wsl-ssh-agent - Helper to interface with Windows ssh-agent.exe service from Windows Subsystem for Linux (WSL)
seeding-webauthn - A spec for deriving FIDO key pairs from a seed
aws-vault - A vault for securely storing and accessing AWS credentials in development environments
ArubaOTP-seed-extractor - Extract TOTP seed instead of using ArubaOTP app
authelia - The Single Sign-On Multi-Factor portal for web apps
nrf52840-mdk-usb-dongle - An open-source, small and low-cost USB Dongle that supports Bluetooth 5.4, Bluetooth mesh, Thread, Zigbee, 802.15.4, ANT and 2.4 GHz proprietary protocols
age-plugin-yubikey - YubiKey plugin for age
yubikey-manager-qt - Cross-platform application for configuring any YubiKey over all USB interfaces.
win-gpg-agent - [DEPRECATED] Windows helpers for GnuPG tools suite
FreeIPA - Mirror of FreeIPA, an integrated security information management solution
ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)