@ -11,18 +11,18 @@ Let's try it. For this demo, I'll let the Yubikey generate GnuPG's keys. This is
Let's make things clear :
Let's make things clear :
< pre >
< pre >
$ < b > rm -R .gnupg< / b >
$ < b > rm -R .ssh< / b >
$ ykman openpgp reset
WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: **y**
Resetting OpenPGP data, don't remove your YubiKey...
Success! All data has been cleared and default PINs are set.
PIN: 123456
Reset code: NOT SET
Admin PIN: 12345678
$ < b > rm -R .gnupg< / b >
$ < b > rm -R .ssh< / b >
$ < b > ykman openpgp reset< / b >
WARNING! This will delete all stored OpenPGP keys and data and restore factory settings? [y/N]: < b > y< / b >
Resetting OpenPGP data, don't remove your YubiKey...
Success! All data has been cleared and default PINs are set.
PIN: 123456
Reset code: NOT SET
Admin PIN: 12345678
< / pre >
< / pre >
Good, let's start with key generation :
Good, let's start with key generation :
< pre >
$ gpg --card-edit
$ gpg --card-edit
gpg: directory '/home/user/.gnupg' created
gpg: directory '/home/user/.gnupg' created
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
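Review bot: the `rm -R .gnupg` and `rm -R .ssh` lines at the top of the first `<pre>` block use relative paths and carry no warning. A reader who pastes them from their home directory loses existing keys, `known_hosts` and `authorized_keys`, and one who pastes them elsewhere deletes a different tree. Suggest writing `~/.gnupg` and `~/.ssh`, and adding a sentence before the block saying this wipe is meant for a throwaway demo account. The reset output also shows the factory PIN 123456 and Admin PIN 12345678. Unless the page already covers it further down, add a line after the block telling the reader to change both before generating keys.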
@ -188,7 +188,7 @@ Good, let's start with key generation :
permit-port-forwarding
permit-port-forwarding
permit-pty
permit-pty
permit-user-rc
permit-user-rc
< / pre >
At this point, you have to copy the CA's public key into your server's authorized_keys file . This can't be done with ssh-copy-id as the CA's key is not loaded into you ssh-agent nor available in the ~/.ssh directory.
At this point, you have to copy the CA's public key into your server's authorized_keys file . This can't be done with ssh-copy-id as the CA's key is not loaded into you ssh-agent nor available in the ~/.ssh directory.
You should have something like :
You should have something like :
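Review bot: the sentence after the closing `</pre>` tells the reader to copy the CA's public key into `authorized_keys`, but does not say that the entry must start with the `cert-authority` option. Without that prefix sshd treats the line as an ordinary user key and does not accept certificates signed by it. Suggest stating this in the sentence itself rather than leaving it to the example that follows. While the line is being touched, "into you ssh-agent" should read "into your ssh-agent", and the space before the full stop in "authorized_keys file ." should go.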