Mar 03 2025 15 mins 49
This show has been flagged as Explicit by the host.
Chatting wth Sgoti
Sgoti talks about SSH and Github.
openbsd: PreferredAuthentications \
Specifies the order in which the client should try authentication methods. \
gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
- openbsd: HostKeyAlgorithms \
$ssh -Q HostKeyAlgorithms;
ssh-ed25519
[email protected]
[email protected]
[email protected]
ssh-rsa
rsa-sha2-256
rsa-sha2-512
ssh-dss
ecdsa-sha2-nistp256
ecdsa-sha2-nistp384
ecdsa-sha2-nistp521
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
openbsd: IdentitiesOnly \
- Specifies that ssh(1) should only use the configured authentication identity and certificate files (either the default files, or those explicitly configured in the ssh_config files or passed on the ssh(1) command-line), even if ssh-agent(1) or a PKCS11Provider or SecurityKeyProvider offers more identities. The argument to this keyword must be yes or no (the default). This option is intended for situations where ssh-agent offers many different identities. \
Sample ssh config. \
#Github Primary Yubikey
Host github
User git
HostName github.com
Port 22
IdentityFile ~/.ssh/github-yubikey-0
#Github Secondary Yubikey
Host github
User git
HostName github.com
Port 22
IdentityFile ~/.ssh/github-yubikey-1
#Global properties.
Host *
PubkeyAuthentication=yes
PreferredAuthentications=publickey,keyboard-interactive
[email protected],ssh-ed25519,rsa-sha2-512
#ssh-ed25519
#[email protected]
#[email protected]
#[email protected]
#ssh-rsa
ssh-keygen -t ed25519-sk -C "[email protected]" -f ~/.ssh/github-yubikey-0;
ssh-keygen -t ed25519-sk -C "[email protected]" -f ~/.ssh/github-yubikey-1;
chmod --change =400 ~/.ssh/github*; #Owner only!
lawrencesystems: SSH with YubiKey FIDO U2F Authentication. \
yubico: YubiKey 5 Series \
github: Generating a new SSH key and adding it to the ssh-agent. \
EOF
