diff --git a/ssh/yubibug.md b/ssh/yubibug.md index 3cc830b..dbe3fba 100644 --- a/ssh/yubibug.md +++ b/ssh/yubibug.md @@ -11,18 +11,18 @@ Let's try it. For this demo, I'll let the Yubikey generate GnuPG's keys. This is Let's make things clear :
- $ rm -R .gnupg - $ rm -R .ssh - $ ykman openpgp reset - WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: **y** - Resetting OpenPGP data, don't remove your YubiKey... - Success! All data has been cleared and default PINs are set. - PIN: 123456 - Reset code: NOT SET - Admin PIN: 12345678 +$ rm -R .gnupg +$ rm -R .ssh +$ ykman openpgp reset +WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: y +Resetting OpenPGP data, don't remove your YubiKey... +Success! All data has been cleared and default PINs are set. +PIN: 123456 +Reset code: NOT SET +Admin PIN: 12345678Good, let's start with key generation : - +
$ gpg --card-edit gpg: directory '/home/user/.gnupg' created gpg: keybox '/home/user/.gnupg/pubring.kbx' created @@ -188,7 +188,7 @@ Good, let's start with key generation : permit-port-forwarding permit-pty permit-user-rc - +At this point, you have to copy the CA's public key into your server's authorized_keys file . This can't be done with ssh-copy-id as the CA's key is not loaded into you ssh-agent nor available in the ~/.ssh directory. You should have something like :
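Review bot: in the `@@ -11,18 +11,18 @@` hunk, the reset transcript loses its four-space indent and no fence or other preformatted wrapper is visible around the new `+$ rm -R .gnupg` ... `+Admin PIN: 12345678` lines. If none is added, Markdown will reflow the whole session into one paragraph, so please confirm the block is still wrapped. Dropping the bold on `y` is right for preformatted text. Two documentation points on the same lines: `rm -R .gnupg` and `rm -R .ssh` are relative paths and only do what the reader expects when run from the home directory (the gpg output below uses `/home/user/.gnupg`), so `~/.gnupg` and `~/.ssh` would be safer to copy, with a sentence saying that this deletes any existing keys. The transcript also ends with the factory values `PIN: 123456` and `Admin PIN: 12345678` and moves straight to key generation; unless it is covered further down, add a step telling the reader to change both PINs before generating keys.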
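Review bot: in the `@@ -188,7 +188,7 @@` hunk, the only visible change is to the empty line after `permit-user-rc`, while the paragraph beginning "At this point" right next to it still reads "not loaded into you ssh-agent" and has a stray space in "authorized_keys file ."; since the line is being touched anyway, fix these to "your ssh-agent" and "authorized_keys file." in the same commit. It would also help to state in that sentence that a CA key in `authorized_keys` only takes effect when the entry carries the `cert-authority` option, so a reader who pastes the bare public key does not end up trusting it as an ordinary user key.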