How to add Yubikey to ssh agent in Linux or Mac OS ?

Today we will look at a small tip, how to add YUBIKEY to our ssh-agent in Linux so that it doesn’t ask for password every time and authenticate the user automatically.

A YubiKey is a hardware authentication USB device manufactured by Yubico corporation which supports public-key encryption and authentication, and one-time passwords.
It works on the Universal 2nd Factor (U2F) protocol developed by the FIDO Alliance (FIDO U2F).
The 4th generation YubiKey is launched on November 16, 2015.

We have two options to authenticate every time we connect to a server using our Yubikey password.

OR, we can also add the yubikey to our ssh-agent daemon so that it automatically connects to the servers without asking for yubikey password.

Adding yubikey to ssh-agent

To add yubikey to ssh agent, we can use ykadd command.

user@ngelinux$ ykadd 
Enter PIN for 'YubiKey PKCS#2': 
user@ngelinux$ 

We can see the ykadd command man page to know how it added the yubikey to our ssh agent.

user@ngelinux$ man ykadd

YKADD(1)                  BSD General Commands Manual                 YKADD(1)

NAME
     ykadd -- add YubiKey to ssh-agent

SYNOPSIS
     ykadd [-s] [-v]
     ykdel

DESCRIPTION
     The ykadd command makes a YubiKey available through ssh-agent, allowing it to be used by ssh without further prompts for PIN.
     The YubiKey will remain available via ssh-agent until the user logs out or explicitly removes it using the ykdel command.

Leave a Reply

Your email address will not be published.