yubikey-agent is an integration for using Yubikey with ssh.
Create tunnel in background
ssh -f -N -L 3000:server1:5029 me@server2Config File
~/.ssh/config Can be used for setting up aliases, forwarding ports, or
assuring agent forwarding is done. e.g:
Host home
HostName blah.blah.com
ForwardAgent yes
LocalForward 8080 192.168.1.150:443This would enable typing ssh home and that be equivalent to
ssh -A -L 8080:192.168.1.150:443 blah.blah.com . Or, in plainer
english, set up a tunnel to blah.blah.com where the local port 8080 is
forwarded to the port 443 on host 192.168.1.150, with agent
forwading.
Caveat: this could create duplicate forwards if connecting multiple times
Reuse connections
Host example.org
ControlMaster auto
ControlPath ~/.ssh/%r@%h:%p.sock
ControlPersist yes
Remote commands
One useful idea is to start a tmux session straight off1:
Host example.org
RemoteCommand tmux new -A -s defaultUse GnuPG (gpg) Agent to authenticate ssh2
Create authentication key
gpg2 --expert --edit-key <KEY ID>
gpg> addkey
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECC (sign only)
(11) ECC (set your own capabilities)
(12) ECC (encrypt only)
(13) Existing key
Your selection? 8
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Sign Encrypt
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? s
Your selection? e
Your selection? a
Possible actions for a RSA key: Sign Encrypt Authenticate
Current allowed actions: Authenticate
(S) Toggle the sign capability
(E) Toggle the encrypt capability
(A) Toggle the authenticate capability
(Q) Finished
Your selection? q
RSA keys may be between 1024 and 4096 bits long.
What keysize do you want? (2048)
Requested keysize is 2048 bits
Please specify how long the key should be valid.
0 = key does not expire
<n> = key expires in n days
<n>w = key expires in n weeks
<n>m = key expires in n months
<n>y = key expires in n years
Key is valid for? (0)
Key does not expire at all
Is this correct? (y/N) y
Really create? (y/N) y
sec rsa2048/8715AF32191DB135
created: 2019-03-21 expires: 2021-03-20 usage: SC
trust: ultimate validity: ultimate
ssb rsa2048/150F16909B9AA603
created: 2019-03-21 expires: 2021-03-20 usage: E
ssb rsa2048/17E7403F18CB1123
created: 2019-03-21 expires: never usage: A
[ultimate] (1). Brian Exelbierd
gpg> quit
Save changes? (y/N) y
Add key to ssh
$ gpg -K --with-keygrip
/home/bexelbie/.gnupg/pubring.kbx
------------------------------
sec rsa2048 2019-03-21 [SC] [expires: 2021-03-20]
96F33EA7F4E0F7051D75FC208715AF32191DB135
Keygrip = 90E08830BC1AAD225E657AD4FBE638B3D8E50C9E
uid [ultimate] Brian Exelbierd
ssb rsa2048 2019-03-21 [E] [expires: 2021-03-20]
Keygrip = 5FA04ABEBFBC5089E50EDEB43198B4895BCA2136
ssb rsa2048 2019-03-21 [A]
Keygrip = 7710BA0643CC022B92544181FF2EAC2A290CDC0E
$ echo 7710BA0643CC022B92544181FF2EAC2A290CDC0E >> ~/.gnupg/sshcontrol
Enable ssh-agent-support
echo "enable-ssh-support" >> ~/.gnupg/.gpg-agent-confTell ssh about gpg
export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)1. Becker, C. SSH Tips and Tricks Carlos Becker. (2022).
2. Exelbierd, B. âbexâ. How to enable SSH access using a GPG key for authentication Opensource.com. (2019).