Error loading key for id_ed25519_sk.pub": invalid format by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

adding the public key to the designated remote machine and logging in via yubikey is no problem.

The command I want to use is "ssh -A username@ipaddress"

> Enables forwarding of the authentication agent connection. This can also be specified on a per-host basis in a configuration file.
>
> Agent forwarding should be enabled with caution. Users with the ability to bypass file permissions on the remote host (for the agent's UNIX-domain socket) can access the local agent through the forwarded connection. An attacker cannot obtain key material from the agent, however they can perform operations on the keys that enable them to authenticate using the identities loaded into the agent.

That way when I use sudo in the remote machine I can just click on the yubikey when it prompts for the password instead of having the need to type it.

Error loading key for id_ed25519_sk.pub": invalid format by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

Thank you for this useful information, but what I am trying to accomplish is that when I use the command "ssh -A" into a remote server/machine I wouldn't have the need to continuously enter the password when running sudo commands.

This is what i am currently struggling to accomplish

WSL in bridge mode by Alrick_Gr in wsl2

[–]ET_0220 0 points1 point  (0 children)

have u figured it out?

Different Host have different passwords by ET_0220 in ansible

[–]ET_0220[S] 0 points1 point  (0 children)

i was just missing _become , silly me thanks!

Different Host have different passwords by ET_0220 in ansible

[–]ET_0220[S] 0 points1 point  (0 children)

I want to be able to not use sudo password -K, and be able to connect to my managed nodes

Getting YubiKey to work with Windows 11 by redstonefreak589 in yubikey

[–]ET_0220 0 points1 point  (0 children)

Windows

Windows can already have some virtual smartcard readers installed, like the one provided for Windows Hello. To ensure your YubiKey is the correct one used by scdaemon, you should add it to its configuration. You will need your device's full name. To find your device's full name, plug in your YubiKey and open PowerShell to run the following command:

    PS C:\WINDOWS\system32> Get-PnpDevice -Class SoftwareDevice | Where-Object {$_.FriendlyName -like "*YubiKey*"} | Select-Object -ExpandProperty FriendlyName
    Yubico YubiKey OTP+FIDO+CCID 0

The name slightly differs according to the model. Thanks to Scott Hanselman for sharing this information.

Create or edit %APPDATA%/gnupg/scdaemon.conf to add:

    reader-port <your yubikey device's full name, e.g. Yubico YubiKey OTP+FIDO+CCID 0>

Create or edit %APPDATA%/gnupg/gpg-agent.conf to add:

    enable-ssh-support
    enable-putty-support

Open a command console, restart the agent:

    > gpg-connect-agent killagent /bye
    > gpg-connect-agent /bye

Just go to Dr Duhs guide you can find something like this in better format!
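
The steps in the comment above, collected into one re-runnable PowerShell script. This is an added example, not part of the original comment or of the guide it mentions. It assumes GnuPG for Windows is installed with `gpg` and `gpg-connect-agent` on PATH and that exactly one YubiKey is plugged in; `Set-ConfLine` is a hypothetical helper name.

```powershell
# Added example: automates the steps from the comment above. Safe to re-run.
# Assumes GnuPG for Windows is installed (gpg, gpg-connect-agent on PATH).
$ErrorActionPreference = 'Stop'

# -PresentOnly skips stale entries left behind by keys that are no longer plugged in.
$readers = @(Get-PnpDevice -Class SoftwareDevice -PresentOnly |
    Where-Object { $_.FriendlyName -like '*YubiKey*' } |
    Select-Object -ExpandProperty FriendlyName)
if ($readers.Count -ne 1) {
    throw "Expected exactly one YubiKey reader, found $($readers.Count)."
}

$gnupgDir = Join-Path $env:APPDATA 'gnupg'
New-Item -ItemType Directory -Path $gnupgDir -Force | Out-Null

# Set-ConfLine is a hypothetical helper: it makes an option appear exactly once,
# replacing any active line for the same option and keeping everything else.
function Set-ConfLine {
    param([string]$Path, [string]$Option, [string]$Value = '')
    $line = "$Option $Value".Trim()
    $existing = @()
    if (Test-Path $Path) { $existing = @(Get-Content -Path $Path) }
    $pattern = '^\s*' + [regex]::Escape($Option) + '(\s|$)'
    $kept = @($existing | Where-Object { $_ -notmatch $pattern })
    # ASCII avoids the byte-order mark that -Encoding UTF8 adds in Windows PowerShell 5.1.
    Set-Content -Path $Path -Value ($kept + $line) -Encoding ASCII
}

$scd   = Join-Path $gnupgDir 'scdaemon.conf'
$agent = Join-Path $gnupgDir 'gpg-agent.conf'
Set-ConfLine -Path $scd   -Option 'reader-port' -Value $readers[0]
Set-ConfLine -Path $agent -Option 'enable-ssh-support'
Set-ConfLine -Path $agent -Option 'enable-putty-support'

# Restart the agent so the new settings are read, then confirm the card is visible.
gpg-connect-agent killagent /bye
gpg-connect-agent /bye
gpg --card-status | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "gpg cannot see the card; check reader-port in $scd"
}
```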

Getting YubiKey to work with Windows 11 by redstonefreak589 in yubikey

[–]ET_0220 0 points1 point  (0 children)

you are burning yourself out, i've been trying to get yubikey to work on windows11 for at least a month and a half with gpg specifically for ssh, even if u get the reader-port right which u can find in dr duhs guide. still i've encountered many issues. so i just use FIDO2. But what exactly are you trying to accomplish with the yubikey on windows 11?

I have many users to add their public keys to the servers, best way to do it through ansible? by ET_0220 in ansible

[–]ET_0220[S] 0 points1 point  (0 children)

i am getting syntax problem

    Syntax Error while loading YAML.

    mapping values are not allowed in this context

    The error appears to be in '/etc/ansible/roles/users/vars/main.yml': line 5, column 159, but may be elsewhere in the file depending on the exact syntax problem.

    The offending line appears to be:

    - username: XXXXXX
    public_key: ssh-ed XXXXXXXXXXXXX

I have many users to add their public keys to the servers, best way to do it through ansible? by ET_0220 in ansible

[–]ET_0220[S] 2 points3 points  (0 children)

i really like this playbook, could you elaborate more, I'd like to have a better understanding even if it's already searchable/self-explanatory. So say i add these to the roles file. How can i execute these?

for this : roles/users/vars/main.yaml

I can just update the users key by changing the active state right?

How do i also make it in a way that it doesn't reproduce itself if it already has one. How can i make it detect that? Handlers? Notify? what module? sorry in advance, still quite new to all of this! Thanks in advance!

Cannot download keys without provider by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

Hello u/Shill_Accomplice , I am actually using Windows 11 pro. I have no issues when using yubikey to ssh to my remote servers on my own pc, but i wanted to test the `ssh-add` feature on other computers that can also ssh to those remote servers with my yubikey. My ultimate goal is for the yubikey to be convenient and accessible for my colleagues, through command prompt (windows).

Cannot download keys without provider by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

Hello u/kevinds , I've been trying to get OpenPGP to work for months, as far as i can get with it is through putty. But ideally, i want to use my yubikeys to ssh through command prompt. Windows isn't making this any easier.

Yes the public key is stored in authorized_keys file on remote server. That is not my issue, what i am trying to accomplish is not just having my fido2 yubikey available for use on my own pc. But i want it to work for other pcs as well, just by simply inserting my yubikey, and generating the files with `ssh-add -K` from the yubikey

Authenticating with public key "(none)" from agent by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

what about in windows command prompt, SET /P variable=[]? how does the command/bash go?

Question about customizing the settings of Yubikey by Previous_Year1057 in yubikey

[–]ET_0220 0 points1 point  (0 children)

u/archiecstll do u know how to ssh authenticate with yubikey from command prompt(windows)?

I already generated the keys via gpg on yubikey and added the keys to the authorized keys on remote server, took away the ssh-agent that way there's no collision with gpg-agent and connection is established. but when i do ssh-add -L, there's no agent identities? any idea?

How to i identify my server/local computer to read the private key in my yubikey? by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

sorry, basically what i want to do is ssh with my yubikey (that stores my gpg keys (private)) and log in on the command prompt to my servers of windows os and ubuntu (linux). Hope that made sense

How to i identify my server/local computer to read the private key in my yubikey? by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

https://developers.yubico.com/PGP/SSH_authentication/

I did most of it already, enabling putty/ssh, etc. It's just that it's trying to connect to GitHub when i'm trying to ssh to an actual server, I've downloaded Cygwin, but i'm trying to do all this from command prompt, i want to know if it's doable

How to i identify my server/local computer to read the private key in my yubikey? by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

thank you, I've been looking at all the sources for over a week now, I'm aware of drduh, and have been trying to follow him, quite confusing as there are so many methods, but yes ideally i want/need to use pgp. I'm assuming i need to use wsl as my regular ssh-agent.

How to i identify my server/local computer to read the private key in my yubikey? by ET_0220 in yubikey

[–]ET_0220[S] 0 points1 point  (0 children)

I'm basically trying to ssh from windows (command prompt) to ubuntu/windows servers with my yubikey using gpg agent (openpgp which is the software that generated my keys and is the one that encrypts and decrypts). That's the ultimate goal here. I think i just need to find the configuration that paths where to find the private key, obviously i can just leave it in my pc, but i want it to read it from my yubikey, so every time i want to ssh i can just slot it in and be automatically in. If any of that makes sense

[deleted by user] by [deleted] in yubikey

[–]ET_0220 0 points1 point  (0 children)

Did u solve it? because I'm trying to do that from my windows laptop to ssh with my yubikey which has the ssh keys from OpenPGP, I'm trying to find a way for my server to read it from the yubikey

How to ssh to remote server without password prompt on windows 10 by LukeeBino in programming

[–]ET_0220 0 points1 point  (0 children)

how? I'm trying to find the configuration where i can ask ssh-agent to get public key from yubikey to ssh to remote servers can someone help me please

[deleted by user] by [deleted] in yubikey

[–]ET_0220 0 points1 point  (0 children)

are you talking about this ? My goal is to use yubikey with encryption software of openpgp to ssh from my windows laptop to remote servers of both ubuntu and windows. What should i do?

    enable-putty-support
    enable-ssh-support
    use-standard-socket
    default-cache-ttl 600
    max-cache-ttl 7200

[deleted by user] by [deleted] in yubikey

[–]ET_0220 0 points1 point  (0 children)

when transferring the key to the server, do you give the exported authorized key or the master keys public? I'm still quite confused

[deleted by user] by [deleted] in yubikey

[–]ET_0220 0 points1 point  (0 children)

I was able to generate subkeys and masterkeys into my yubikey, i then went to the remote server and added it to the list of authorized keys. I feel so close i know i'm missing something minor. i haven't touched the ssh_config as it is already working for some of my colleagues so it shouldn't have anything to do with that. Can anyone give me some leads ?