Yubikeys SSH¶

• SSH (developers.yubico.com)
• [[dr-duh]]

YubiKey hardware-backed SSH authentication methods¶

• pgp
• piv
• fido2
• otp

PGP¶

The YubiKey stores and manages OpenPGP keys within its OpenPGP module. It will work with SSH clients that have integrated with the OpenPGP standard.

• SSH authentication (developers.yubico.com)
• drduh/YubiKey-Guide Guide to using YubiKey for GPG and SSH (github.com)

PIV¶

The YubiKey stores and manages RSA and Elliptic Curve (EC) asymmetric keys within its PIV module. It will work with SSH clients that can communicate with smart cards through the PKCS#11 interface.

FIDO2¶

OpenSSH version 8.2p1 added support for FIDO hardware authenticators. FIDO devices are supported by the public key types “ecdsa-sk” and “ed25519-sk", along with corresponding certificate types.

OTP¶

Systems administrators can configure two factor authentication for SSH authentication using the YubiKey through the Yubico PAM module.