Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →
Top 23 Yubikey Open-Source Projects
-
keepassxc
KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
rage
A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.
-
GlobalProtect-openconnect
A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, etc.
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
yubikey-manager
Python library and command line tool for configuring any YubiKey over all USB interfaces.
-
libfido2
Provides library functionality for FIDO2, including communication with a device over USB or NFC.
-
glewlwyd
Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins
-
python-fido2
Provides library functionality for FIDO 2.0, including communication with a device over USB.
-
yubikey-touch-detector
A tool to detect when your YubiKey is waiting for a touch (to send notification or display a visual indicator on the screen)
-
WireGuard-Guide
WireGuard Guide. Learn all about WireGuard for Networking and in the Cloud (Microsoft Azure, AWS, and Google Cloud).
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.
Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...
Project mention: KeePassXC Issue: [Passkeys] should never be exported in clear text | news.ycombinator.com | 2024-03-13
Project mention: Can I use Security Key C NFC as backup for 5C NFC if I use OpenPGP? | /r/yubikey | 2023-12-07Instead, most people generate keypair(s) on an airgapped machine and write them to two Yubikeys. Or write subkeys to a single Yubikey and keep a backup in encrypted form. See https://github.com/drduh/YubiKey-Guide
This is a great idea. I now exclusively use SSH keys on hardware security modules of some kind. I use "Secretive", a mac app that does the same, plus a yubikey using yubikey-agent (https://github.com/FiloSottile/yubikey-agent; there are too many complicated ways to use SSH keys with a yubikey this is one of the friendliest ones). Depending on the security and frequency of which I access the service impacts whether I need presence confirmation or use secretive versus the yubikey.
I would be remiss to mention there are existing SSH TPM projects, not sure how this one differentiates. It seems to at least have the user experience pretty simple, similar to yubikey-agent (and secretive), and unlike some of the existing solutions which have quite a few extra steps:
Project mention: Do any libraries exist for zero-trust file storage (storing client-encrypted data on the server without the key)? | /r/rust | 2023-04-29
In order to reach a client's domain for a project, my team needs to use a VPN and the instructions were pretty clear regarding which tool to use - GlobalProtect VPN - so I've installed https://github.com/yuezk/GlobalProtect-openconnect and was able to connect successfully.
It's open source, the repository is here
There's documentation online for yubico-pam here: https://developers.yubico.com/yubico-pam/
Project mention: Happy Saint Nicholas' Day 🎅 Here is a beautiful Wireguard Desktop Client to connect to your home lab 🤩 | /r/homelab | 2023-12-06We're bringing you the most beautiful (in our opinion) #Wireguard Desktop Client on the market 💥 and many many new features! (full release notes)
If that project https://github.com/buptczq/WinCryptSSHAgent had a pin timeout, it would be the perfect Windows ssh agent. It support named pipe, pagent shared memory and a UNIX socket under WSL2 using Hyper-V and socat.
Project mention: NIST: Personal Identity Verification (PIV) of Federal Employees and Contractors | news.ycombinator.com | 2024-03-23PuTTY-CAC was an interesting, although imperfect solution to using PIV/CAC cards together with SSH. I remember piloting it from 2013-2014 at an agency. Back then, it was maintained by Dan Risacher[0]. Nowadays it is maintained on GitHub[1] and adopted some interesting features like FIDO.
[0] https://risacher.org/putty-cac/
[1] https://github.com/NoMoreFood/putty-cac
On Linux there is https://github.com/maximbaz/yubikey-touch-detector which does exactly this.
Yubikey related posts
- Can I use Security Key C NFC as backup for 5C NFC if I use OpenPGP?
- Ask HN: Why does YubiCo need my private key?
- An Opinionated Yubikey Set-Up Guide
- How to use Yubikey to login into a server
- Unix sockets, Cygwin, SSH agents, and sadness
- Discord Rolled Out Yubikeys for All Employees
- Guide to Using Yubikey for GPG and SSH
-
A note from our sponsor - InfluxDB
www.influxdata.com | 29 Apr 2024
Index
What are some of the best open-source Yubikey projects? This list will help you:
Project | Stars | |
---|---|---|
1 | authelia | 19,578 |
2 | keepassxc | 19,253 |
3 | YubiKey-Guide | 10,735 |
4 | yubikey-agent | 2,568 |
5 | rage | 2,326 |
6 | GlobalProtect-openconnect | 1,139 |
7 | yubioath-flutter | 913 |
8 | dotfiles | 876 |
9 | yubiswitch | 863 |
10 | yubikey-manager | 810 |
11 | yubikey-full-disk-encryption | 775 |
12 | yubico-pam | 664 |
13 | defguard | 623 |
14 | libfido2 | 548 |
15 | pam-u2f | 517 |
16 | WinCryptSSHAgent | 516 |
17 | age-plugin-yubikey | 502 |
18 | putty-cac | 448 |
19 | glewlwyd | 425 |
20 | LDAP Account Manager (LAM) | 407 |
21 | python-fido2 | 404 |
22 | yubikey-touch-detector | 383 |
23 | WireGuard-Guide | 353 |
Sponsored