
Since those are insecure, first we should change them.įor this, insert YubiKey into usb slot, fire up PowerShell and type gpg -card-edit
#Putty ssh agent install
Install the required software at this step.įirst thing’s first: key comes with some simple factory pins: 123456 regular and 12345678 admin one. So let’s start.Īs listed on the YubiKey website, following products support PGP: YubiKey 4, YubiKey NEO, YubiKey 4 Nano, YubiKey NEO-n, YubiKey 5 NFC (this is what I’m using at the moment), YubiKey 5 Nano, YubiKey 4C, YubiKey 4C Nano, YubiKey 5C, YubiKey 5C NanoĪlso it’s highly recommended to verify YubiKey before using it at Ĭygwin (do not install gnupg packages, but install openssh and ssh-pageant packages)

YubiKey suits much better for this purpose. Note that I found this guide to be particularly good, but it’s missing few hiccups and description of proper PuTTY integration.įirst of all, why do we need this? Answer is simple – Security! Alternatives include storing private keys directly on a workstation – which makes them poorly protected in multitude of attacks directed at workstation, a better option is to use encrypted usb key but this is tedious because leaving inserted and unsealed usb key for a long time is insecure, while inserting it and removing it back and forth all the time is tedious and time consuming. I found several nice references on the web (which are listed in the end) but all of them seemed to be missing a thing or two, so I decided this complete walkthrough for my future self and also for anyone interested.

This guide is for Windows and using SSH via PuTTY. Also if you are looking for a Linux or Chrome OS setup, look here.Īt Reliza we are switching to using YubiKeys for our SSH authentication which is possible via PGP encryption. Update: Watch my talk at OWASP Ottawa discussing SSH security (gives perspective to this walkthrough).
