
Suggested edit for PIV/Guides/SSH_with_PIV_and_PKCS11

Open dch opened this issue 6 years ago • 1 comments

Please add info on how to do all of this with:

  • the ykman tool, which seems to be YubiKey's "preferred" tool now
  • when a PIN has been set - many of the commands simply fail when a PIN is required
  • using EC curves such as ECDSA and ED25519, which seem to be supported in the 5.2.4 firmware now

dch, Oct 22 '19 13:10

I have been able to generate ECDSA keys "on-token" but unable to import ECDSA keys generated from OpenSSH.

The latest ykman (checkout from git) seems to be required for the PIN to function correctly when already set.

Mention that ECDSA ECCP384 key support requires OpenSSH 8.1 (may work with older versions, but the default in OSX Mojave for example definitely doesn't work). Also ensure that users are running the correct ssh-agent if they have multiple versions installed.

Mention that YubiKey PIV Manager doesn't support the onboard mgmt key when protected by PIN.

dch, Oct 24 '19 17:10

Apologies for leaving this issue open for so long. But these issues should all have been resolved with recent versions of the mentioned software.

joostd, Jun 26 '24 13:06