SSH-Key auf YubiKey – OpenPGP auf YubiKey

Quellen: * Freifunk-Gera * *

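# --- PIV route: SSH key in PIV slot 9a ---------------------------------------
# Install tools (Debian/Ubuntu).
sudo apt-get install yubikey-personalization yubico-piv-tool opensc pcscd
# Arch: pacman -Ss gnupg yubikey-personalization pcsc-tools gnupg-pkcs11-scd
# Arch AUR: download the package, then
#   makepkg -si --skippgpcheck
#   sudo pacman -S opensc

# Set the YubiKey mode: 0x82 enables CCID (smart card) next to OTP, which the
# PIV application needs.
ykpersonalize -m82

# Temporary directory for the key material. The private key exists in the
# clear here, so keep the directory mode 700 and wipe the files once the
# import has succeeded (shred -u, or srm from secure-delete). Generating the
# key on the device avoids a plaintext copy on the host entirely:
#   yubico-piv-tool -a generate -s 9a -o 9a-pub.pem
#   ssh-keygen -i -m PKCS8 -f 9a-pub.pem   # SSH public key for authorized_keys
mkdir -m 700 ~/tmp_key
cd ~/tmp_key || exit 1

# Generate the SSH key pair. The slot accepts RSA up to 2048 on these keys
# (original note: "kann nur 2048"), hence -b 2048. -m PEM writes the
# traditional PEM format straight away; without it the newer OpenSSH key
# format produced "Failed to load key id_rsa: invalid format" in the next
# steps, which the original notes repaired afterwards with
#   ssh-keygen -p -m PEM -f id_rsa
ssh-keygen -t rsa -b 2048 -m PEM -f id_rsa
openssl rsa -in id_rsa -out id_rsa.pem -outform pem

# Import the private key into slot 9a (PIV Authentication). This uses the
# default management key unless -k is given; change it with -a set-mgm-key,
# otherwise anyone holding the device can replace the key.
yubico-piv-tool -a import-key -s 9a -i id_rsa.pem
# Expected: Successfully imported a new private key.

# Export the public key as PKCS8; the self-signed certificate needs it as
# input (file name chosen here, the original notes left it out).
ssh-keygen -e -m PKCS8 -f id_rsa.pub > 9a-pub.pem

# Self-signed certificate for the slot, using the default PIN 123456 (not a
# secret). Once the PIN has been changed, drop -P so the tool prompts instead
# of leaving the PIN in shell history and ps output.
yubico-piv-tool -a verify -P 123456 -a selfsign-certificate -s 9a \
  -S "/CN=joe/O=Test/" -i 9a-pub.pem -o 9a-cert.pem
# Expected:
#   Successfully verified PIN.
#   Successfully generated a new self signed certificate.

# Load the certificate into the slot; ssh/PKCS#11 only sees keys that have one.
yubico-piv-tool -a verify -P 123456 -a import-certificate -s 9a -i 9a-cert.pem
# Expected:
#   Successfully verified PIN.
#   Successfully imported a new certificate.

# Check the result. The original notes showed roughly:
#   Serial Number:
#   CHUID:  No data available
#   CCC:    No data available
#   Slot 9a:
#           Algorithm:      RSA2048
#           Subject DN:     CN=joe, O=Test
#           Issuer DN:      CN=joe, O=Test
#           Fingerprint:    xxx
#           Not Before:     Feb  8 19:28:41 2021 GMT
#           Not After:      Feb  8 19:28:41 2022 GMT
#   PIN tries left: 3
yubico-piv-tool -a status

# Retry counters (default 3 each). 15 attempts weakens the lockout against
# PIN guessing on a lost key; keep the values small. This action resets PIN
# and PUK to their defaults, so run it before changing them, and it needs the
# management key (the default is used unless -k is given).
yubico-piv-tool -a verify -P 123456 -a pin-retries --pin-retries 15 --puk-retries 15

# Change PIN and PUK. Without --pin/--new-pin the tool asks on the terminal,
# which keeps the new secrets out of shell history and ps output (the
# original notes passed them as arguments). For change-puk, --pin would be
# the current PUK (default 12345678), not the PIN.
yubico-piv-tool -a change-pin
yubico-piv-tool -a change-puk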

SSH mit YubiKey über scp / sshfs nutzen

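# Use the PIV slot from scp / sshfs / ssh via PKCS#11.
# PKCS11Provider (and ssh -I) must name the PKCS#11 *module*, a .so file,
# not a directory; the original notes pointed at /usr/lib/x86_64-linux-gnu/
# which ssh cannot load. With the opensc package the module is typically
# /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so — adjust to your system.
pkcs11=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

scp -P <port> -o "PKCS11Provider=${pkcs11}" <file-to-copy> user@host:/home/user/

# sshfs passes unknown -o options through to ssh.
sshfs user@<host>:/home/user/ /home/user2/mooh/ -p <port> -o "PKCS11Provider=${pkcs11}"

ssh -I "${pkcs11}" -p <port> user@host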



# --- OpenPGP route: tool installation (Debian/Ubuntu) ------------------------
# scdaemon/pcscd talk to the card, secure-delete (srm) wipes temporary key
# material, hopenpgp-tools lints the resulting keys.
sudo apt install -y \
  wget gnupg2 gnupg-agent dirmngr cryptsetup \
  scdaemon pcscd secure-delete hopenpgp-tools yubikey-personalization

gpg erkennt den Stick nicht:

# Symptom check: the status query fails while another process holds the card.
yubico-piv-tool --action=status
Failed to connect to yubikey.
Try removing and reconnecting the device.
--> pcscd stoppen


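# Create the GnuPG home with restrictive permissions (gpg warns about anything
# looser than 700; mkdir without -p fails when it already exists) and the
# agent config. Appending keeps an existing gpg-agent.conf intact.
# enable-ssh-support is required for the agent-ssh-socket used by
# SSH_AUTH_SOCK below; without it gpg-agent does not create that socket.
mkdir -p -m 700 ~/.gnupg
chmod 700 ~/.gnupg
cat >> ~/.gnupg/gpg-agent.conf <<'EOF'
enable-ssh-support
default-cache-ttl 60
pinentry-program /usr/bin/pinentry-curses
EOF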

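# Point the current shell at gpg-agent: pinentry needs the tty, ssh needs the
# agent's ssh socket (only created with enable-ssh-support in gpg-agent.conf).
# The command substitution is quoted; the original left SSH_AUTH_SOCK
# unquoted, which breaks on any whitespace in the socket path.
export GPG_TTY="$(tty)"
export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
gpgconf --launch gpg-agent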

OpenVPN-Key mit YubiKey

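# Decrypt the OpenVPN key/config with the YubiKey and hand it to openvpn on
# stdin, so the plaintext never touches the disk (a lone path argument is
# read by openvpn as its config file). Placeholder name fixed from the
# original "<encd-keyfiley>".
gpg -d -a <encrypted-keyfile> | sudo openvpn /dev/stdin
# Answer openvpn's passphrase query from this terminal; assumes openvpn was
# built with systemd password-agent support — confirm on the target system.
sudo systemd-tty-ask-password-agent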