Top 23 Yubikey Open-Source Projects

• authelia

  174 19,578 9.9 Go

  The Single Sign-On Multi-Factor portal for web apps

  

Project mention: Keycloak SSO with Docker Compose and Nginx | news.ycombinator.com | 2024-02-11

It's me and two others though I'm definitely the most active. We put a lot of effort into security best practices and one of my co-developers is currently reviewing the 4.38.0 release. It's a fairly major release with a lot of important code paths that have been improved for the future.

Our official docs can be found at https://www.authelia.com and you can find docs for a particular PR in the relevant PR. We've also linked the pre-release docs in the pre-release discussions which can be found here: https://github.com/authelia/authelia/discussions/categories/...

• keepassxc

  512 19,253 8.9 C++

  KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.

  

Project mention: KeePassXC Issue: [Passkeys] should never be exported in clear text | news.ycombinator.com | 2024-03-13

• InfluxDB

  www.influxdata.com sponsored

  Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.

  

• YubiKey-Guide

  112 10,735 8.3 HTML

  Guide to using YubiKey for GnuPG and SSH

Project mention: Can I use Security Key C NFC as backup for 5C NFC if I use OpenPGP? | /r/yubikey | 2023-12-07

Instead, most people generate keypair(s) on an airgapped machine and write them to two Yubikeys. Or write subkeys to a single Yubikey and keep a backup in encrypted form. See https://github.com/drduh/YubiKey-Guide

• yubikey-agent

  15 2,568 0.0 Go

  yubikey-agent is a seamless ssh-agent for YubiKeys.

Project mention: Show HN: SSH-tpm-agent – SSH agent for TPMs | news.ycombinator.com | 2023-07-29

This is a great idea. I now exclusively use SSH keys on hardware security modules of some kind. I use "Secretive", a mac app that does the same, plus a yubikey using yubikey-agent (https://github.com/FiloSottile/yubikey-agent; there are too many complicated ways to use SSH keys with a yubikey this is one of the friendliest ones). Depending on the security and frequency of which I access the service impacts whether I need presence confirmation or use secretive versus the yubikey.

I would be remiss to mention there are existing SSH TPM projects, not sure how this one differentiates. It seems to at least have the user experience pretty simple, similar to yubikey-agent (and secretive), and unlike some of the existing solutions which have quite a few extra steps:

• rage

  36 2,326 9.0 Rust

  A simple, secure and modern file encryption tool (and Rust library) with small explicit keys, no config options, and UNIX-style composability.

Project mention: Do any libraries exist for zero-trust file storage (storing client-encrypted data on the server without the key)? | /r/rust | 2023-04-29

• GlobalProtect-openconnect

  15 1,139 8.7 Rust

  A GlobalProtect VPN client for Linux, written in Rust, based on OpenConnect and Tauri, supports SSO with MFA, Yubikey, etc.

Project mention: GlobalProtect VPN and browser configuration | /r/ManjaroLinux | 2023-09-15

In order to reach a client's domain for a project, my team needs to use a VPN and the instructions were pretty clear regarding which tool to use - GlobalProtect VPN - so I've installed https://github.com/yuezk/GlobalProtect-openconnect and was able to connect successfully.

• yubioath-flutter

  10 913 9.8 Dart

  Yubico Authenticator for Desktop (Windows, macOS and Linux) and Android

  

Project mention: audit for app? | /r/yubikey | 2023-07-09

It's open source, the repository is here

• WorkOS

  workos.com sponsored

  The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  

• dotfiles

  6 876 8.9 Shell

  Configuration for Arch Linux, Hyprland, kitty, kakoune, zsh and more (by maximbaz)

• yubiswitch

  1 863 2.9 Objective-C

  OSX status bar application to enable/disable Yubikey Nano

• yubikey-manager

  8 810 9.1 Python

  Python library and command line tool for configuring any YubiKey over all USB interfaces.

  

Project mention: Discord Rolled Out Yubikeys for All Employees | news.ycombinator.com | 2023-08-06

• yubikey-full-disk-encryption

  16 775 0.0 Shell

  Use YubiKey to unlock a LUKS partition

• yubico-pam

  6 664 0.0 C

  Yubico Pluggable Authentication Module (PAM)

  

Project mention: Mac OS login by trouch | /r/yubikey | 2023-05-07

There's documentation online for yubico-pam here: https://developers.yubico.com/yubico-pam/

• defguard

  9 623 9.4 TypeScript

  Enterprise, fast, secure VPN & SSO platform with hardware keys, 2FA/MFA

  

Project mention: Happy Saint Nicholas' Day 🎅 Here is a beautiful Wireguard Desktop Client to connect to your home lab 🤩 | /r/homelab | 2023-12-06

We're bringing you the most beautiful (in our opinion) #Wireguard Desktop Client on the market 💥 and many many new features! (full release notes)

• libfido2

  6 548 8.6 C

  Provides library functionality for FIDO2, including communication with a device over USB or NFC.

  

• pam-u2f

  3 517 6.0 C

  Pluggable Authentication Module (PAM) for U2F and FIDO2

  

• WinCryptSSHAgent

  7 516 2.0 Go

  Using a Yubikey for SSH Authentication on Windows Seamlessly

Project mention: Unix sockets, Cygwin, SSH agents, and sadness | news.ycombinator.com | 2023-08-29

If that project https://github.com/buptczq/WinCryptSSHAgent had a pin timeout, it would be the perfect Windows ssh agent. It support named pipe, pagent shared memory and a UNIX socket under WSL2 using Hyper-V and socat.

• age-plugin-yubikey

  11 502 4.9 Rust

  YubiKey plugin for age

• putty-cac

  12 448 6.1 C

  Windows Secure Shell Client With Support For Smart Cards, Certificates, & FIDO Keys

Project mention: NIST: Personal Identity Verification (PIV) of Federal Employees and Contractors | news.ycombinator.com | 2024-03-23

PuTTY-CAC was an interesting, although imperfect solution to using PIV/CAC cards together with SSH. I remember piloting it from 2013-2014 at an agency. Back then, it was maintained by Dan Risacher[0]. Nowadays it is maintained on GitHub[1] and adopted some interesting features like FIDO.

[0] https://risacher.org/putty-cac/

[1] https://github.com/NoMoreFood/putty-cac

• glewlwyd

  2 425 8.9 C

  Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins

• LDAP Account Manager (LAM)

  0 407 9.5 PHP

  LDAP Account Manager

  

• python-fido2

  5 404 7.6 Python

  Provides library functionality for FIDO 2.0, including communication with a device over USB.

  

• yubikey-touch-detector

  1 383 5.4 Go

  A tool to detect when your YubiKey is waiting for a touch (to send notification or display a visual indicator on the screen)

Project mention: Windows Notifications? | /r/yubikey | 2023-06-22

On Linux there is https://github.com/maximbaz/yubikey-touch-detector which does exactly this.

• WireGuard-Guide

  5 353 5.1 Go

  WireGuard Guide. Learn all about WireGuard for Networking and in the Cloud (Microsoft Azure, AWS, and Google Cloud).

• SaaSHub

  www.saashub.com sponsored

  SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

  

Yubikey related posts

• Can I use Security Key C NFC as backup for 5C NFC if I use OpenPGP?
  1 project | /r/yubikey | 7 Dec 2023
• Ask HN: Why does YubiCo need my private key?
  1 project | news.ycombinator.com | 29 Sep 2023
• An Opinionated Yubikey Set-Up Guide
  1 project | news.ycombinator.com | 15 Sep 2023
• How to use Yubikey to login into a server
  1 project | /r/yubikey | 7 Sep 2023
• Unix sockets, Cygwin, SSH agents, and sadness
  4 projects | news.ycombinator.com | 29 Aug 2023
• Discord Rolled Out Yubikeys for All Employees
  3 projects | news.ycombinator.com | 6 Aug 2023
• Guide to Using Yubikey for GPG and SSH
  1 project | news.ycombinator.com | 30 Jul 2023
• A note from our sponsor - InfluxDB
  www.influxdata.com | 29 Apr 2024

  Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality. Learn more →

Index

Sponsored

SaaSHub - Software Alternatives and Reviews

SaaSHub helps you find the best software and product alternatives

www.saashub.com