2. OpenSSH command for Yubikey FIDO2
Unfortunately, Windows 11 does not currently support FIDO2 enrollment.
FIDO2 (with ed25519-sk) is a simple way to protect your keys and is easy to enroll. Unfortunately, not all Yubikeys support FIDO2. In that case, you might be able to use your Yubikey as a smartcard (PIV). The smartcard setup takes more steps but is not that difficult. Please see:
macOS: https://docs.k9.io/key9-documentation/macos-yubikey-smartcard-piv-instructions
Windows: https://docs.k9.io/key9-documentation/windows-yubikey-smartcard-piv-instructions
First, make sure your Yubikey is PIN-protected. If it is not PIN-protected, do that first:
If your Yubikey is PIN-protected, run the following command to generate a new private key backed by your Yubikey.
$ ssh-keygen -t ed25519-sk -O resident -O verify-required -O application=ssh:key9.dev
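As an added example (not part of the Key9 documentation), this Python code checks that a `.pub` line produced by the command above is an ed25519-sk key carrying the `ssh:key9.dev` application string, following the public key layout in OpenSSH's PROTOCOL.u2f (type, 32-byte key, application). The function names are hypothetical and the sample lines are constructed from placeholder bytes, not real key material.

```python
import base64
import struct

SK_TYPE = "sk-ssh-ed25519@openssh.com"

def read_string(blob, off):
    """Read one SSH wire string: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", blob, off)
    if off + 4 + n > len(blob):
        raise ValueError("truncated string body")
    return blob[off + 4:off + 4 + n], off + 4 + n

def check_pubkey(line, expected_app="ssh:key9.dev"):
    """Return a list of problems with a .pub line; an empty list means it passes."""
    fields = line.split()
    if len(fields) < 2:
        return ["not a '<type> <base64> [comment]' line"]
    if fields[0] != SK_TYPE:
        return [f"key type {fields[0]} is not {SK_TYPE}"]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        inner_type, off = read_string(blob, 0)
        pubkey, off = read_string(blob, off)
        app, off = read_string(blob, off)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return [f"malformed key blob: {exc}"]
    problems = []
    if inner_type != SK_TYPE.encode():
        problems.append("type inside the blob does not match the line prefix")
    if len(pubkey) != 32:
        problems.append(f"Ed25519 key is {len(pubkey)} bytes, expected 32")
    if app != expected_app.encode():
        problems.append(f"application is {app.decode(errors='replace')!r}, expected {expected_app!r}")
    if off != len(blob):
        problems.append("trailing bytes after the application string")
    return problems

def make_line(key_type, *parts):
    """Build a constructed sample line (placeholder bytes, no real key material)."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (key_type.encode(), *parts))
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

# Constructed samples: 32 placeholder bytes stand in for a real public key.
FAKE_KEY = bytes(range(32))
GOOD = make_line(SK_TYPE, FAKE_KEY, b"ssh:key9.dev")
DEFAULT_APP = make_line(SK_TYPE, FAKE_KEY, b"ssh:")   # -O application omitted
SOFTWARE_KEY = make_line("ssh-ed25519", FAKE_KEY)     # not hardware-backed
```

The public key does not record `-O verify-required`; to require the PIN on the server side, OpenSSH accepts `verify-required` as an authorized_keys option or `PubkeyAuthOptions verify-required` in sshd_config.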