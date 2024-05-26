I recently played with my Yubikey to establish them as second factor for my ssh keys. The process is straight-forward, however it took me some time to go through Yubico’s documentation. Here I write the process down in my own words.

ssh public key authentication can be hardened to require a hardware token like the Yubikeys (series 5 onwards). My Yubikey 4 is not supported, it’s too old - FIDO2 is required. From OpenSSH 8.2 and 8.3 respectively (for resident keys) onwards, yubikeys are supported. I do only require them for Linux, although the documentaton mentions some not-officially-supported-but-should-work methods to get it also working on Windows and MacOS.