On 2021-10-22, Michael Steeves <stee...@raingods.net> wrote:
> I went through the instructions on this page when I set mine up:
>
> https://github.com/drduh/YubiKey-Guide
>
> Doing a quick scan, there’s some discussion on the page about having multiple
> Yubikeys, and I think that it also talked about restoring from backup, and it
> assumes you have a copy of the actual public and private keys offline that
> you can use for that.

That's for RSA keys in the smartcard applet on the yubikey - with that you can
either generate on-device (not exportable) or on computer and load into the
device (you can keep a backup).

Paul is using ed25519_sk, which is done using the FIDO2 functionality. It's a
lot easier to use, no opensc/gpg-agent etc, but the key can't be exported *or*
generated elsewhere and imported. (This may seem a disadvantage in some cases
but is a big advantage in others.) It does require newer ssh software (and isn't
supported at all in putty, whereas smartcard mode is supported in the putty-cac
fork).

>
> Sent from my iPhone
>
>> On Oct 22, 2021, at 09:28, Paul de Weerd <we...@weirdnet.nl> wrote:
>>
>> Hi all,
>>
>> I've been happily using a yubikey together with an id_ed25519 SSH key
>> when logging in over SSH:
>>
>> uhidev7 at uhub3 port 2 configuration 1 interface 1 "Yubico YubiKey
>> OTP+FIDO+CCID" rev 2.00/5.27 addr 9
>>
>> I would now like to migrate over to a new yubikey with a USB-C
>> connector, as my new personal laptop has no USB-A ports. Digging
>> through the ssh-keygen manpage, I don't see an option to do this; it
>> seems you can only create new keys.
>>
>> Is this indeed impossible, or am I looking at the wrong manpage?
>>
>> Thanks,
>>
>> Paul
>>
>> --
>>> ++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
>> +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
>> http://www.weirdnet.nl/
>>
>

--
Please keep replies on the mailing list.