How To Set Up SSH Keys With YubiKey as Two-factor Authentication


All Linux and Unix servers are managed over ssh, either manually or with automation tools such as Ansible. For example, say you have a server at Linode or AWS. You copy your public ssh key to the remote cloud server. Once it is copied, you can log in to that server without a password as long as the ssh keys match. This is a best practice. Unfortunately, it does nothing to protect the ssh keys stored on your local desktop or dev machine in the $HOME/.ssh/ directory. If your keys are stolen, an attacker can get access to all of your cloud servers, including backup servers. To avoid this mess, we can protect the ssh keys stored on local dev/desktop machines using physical security keys such as YubiKey.

How to configure SSH with YubiKey

In both cases, you need to insert your YubiKey (or any FIDO2-compatible hardware key) into a USB port and complete the authentication. In other words, ssh login will not work when malware or an attacker has stolen your passphrase and ssh keys, because they cannot insert the YubiKey and press the button on it to complete OTP for ssh keys.
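
To see which logins on a server still depend on key files that can be stolen from disk, the added example below (not from the original article) audits an authorized_keys file and separates FIDO2-backed entries, which OpenSSH 8.2 and later mark with an `sk-` key type, from plain software keys. The function names and the sample file are constructed for illustration; the key blobs are placeholders, not real keys.

```shell
#!/bin/sh
# Audit an authorized_keys file: report which entries are FIDO2 hardware-backed
# (OpenSSH "sk-" key types) and which are plain software keys.

# classify_keys FILE (hypothetical helper)
# Prints one line per key: "<line-no> <hardware|software> <key-type> <comment>"
classify_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            # Options (from=, command=, ...) may precede the key type, so look
            # for the first field that names a key type and is followed by a
            # base64 blob (SSH public key blobs start with "AAAA").
            for (i = 1; i < NF; i++) {
                if ($i ~ /^(sk-)?(ssh|ecdsa)-[A-Za-z0-9@.-]+$/ && $(i+1) ~ /^AAAA/) {
                    kind = ($i ~ /^sk-/) ? "hardware" : "software"
                    comment = (i + 2 <= NF) ? $(i+2) : "-"
                    print NR, kind, $i, comment
                    next
                }
            }
            print NR, "unparsed", "-", "-"   # flag lines we could not read
        }
    ' "$1"
}

# count_software FILE -> number of entries usable without a security key
count_software() {
    classify_keys "$1" | awk '$2 == "software" { n++ } END { print n + 0 }'
}

# Constructed sample input (blobs are truncated placeholders, not real keys).
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample authorized_keys
ssh-ed25519 AAAAC3NzaC1lZDI1PLACEHOLDER alice@laptop
sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1PLACEHOLDER alice@yubikey
from="10.0.0.0/8",no-agent-forwarding ssh-rsa AAAAB3NzaC1yc2EPLACEHOLDER deploy@ci
sk-ecdsa-sha2-nistp256@openssh.com AAAAInNrLWVjZHNhPLACEHOLDER bob@yubikey
EOF
}

# Run with --demo to print the classification of the constructed sample.
if [ "${1:-}" = "--demo" ]; then
    f=$(mktemp); write_sample "$f"; classify_keys "$f"; rm -f "$f"
fi
```

Every entry reported as `software` is a key that still works for an attacker who copies the private key file and passphrase, so those are the ones to replace with hardware-backed keys.
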
In a corporate environment, we have a bastion host that allows ssh access with YubiKey. It is a special-purpose server on a network, specifically designed and configured to withstand attacks. The server generally hosts an sshd process, and all other services are removed. Once logged into the bastion host, you can access all other cloud servers easily. This guide will cover the following topics:


About the author:
Vivek Gite is Editor-in-Chief and the man behind nixCraft and OpensourceFlare ✨. He creates and maintains content on both sites as accurately as possible. Since 2000 Vivek has written over 7k+ posts that have been read many times. He is a die-hard fan of FLOSS and a full-time Linux desktop user since 1996. OpensourceFlare provides in-depth guides about Linux, BSD, programming, and other IT topics for Patreon subscribers without any ads or tracking. Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or weekly email newsletter.
