Browse Source

Augmented visibility on user inputs

pull/1/head
Julien Escario 4 years ago
parent
commit
56102cbea9
  1. 22
      ssh/yubibug.md

22
ssh/yubibug.md

@ -11,18 +11,18 @@ Let's try it. For this demo, I'll let the Yubikey generate GnuPG's keys. This is
Let's make things clear : Let's make things clear :
<pre> <pre>
$ <b>rm -R .gnupg</b>
$ <b>rm -R .ssh</b>
$ ykman openpgp reset
WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: **y**
Resetting OpenPGP data, don't remove your YubiKey...
Success! All data has been cleared and default PINs are set.
PIN: 123456
Reset code: NOT SET
Admin PIN: 12345678
$ <b>rm -R .gnupg</b>
$ <b>rm -R .ssh</b>
$ <b>ykman openpgp reset</b>
WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: <b>y</b>
Resetting OpenPGP data, don't remove your YubiKey...
Success! All data has been cleared and default PINs are set.
PIN: 123456
Reset code: NOT SET
Admin PIN: 12345678
</pre> </pre>
Good, let's start with key generation : Good, let's start with key generation :
<pre>
$ gpg --card-edit $ gpg --card-edit
gpg: directory '/home/user/.gnupg' created gpg: directory '/home/user/.gnupg' created
gpg: keybox '/home/user/.gnupg/pubring.kbx' created gpg: keybox '/home/user/.gnupg/pubring.kbx' created
@ -188,7 +188,7 @@ Good, let's start with key generation :
permit-port-forwarding permit-port-forwarding
permit-pty permit-pty
permit-user-rc permit-user-rc
</pre>
At this point, you have to copy the CA's public key into your server's authorized_keys file . This can't be done with ssh-copy-id as the CA's key is not loaded into you ssh-agent nor available in the ~/.ssh directory. At this point, you have to copy the CA's public key into your server's authorized_keys file . This can't be done with ssh-copy-id as the CA's key is not loaded into you ssh-agent nor available in the ~/.ssh directory.
You should have something like : You should have something like :

Loading…
Cancel
Save