mirrors
/
YubiKey-Guide
mirror of https://github.com/drduh/YubiKey-Guide
0
0
Fork 0
Code Releases Activity

Update license and formatting

pull/95/head
drduh 2019-02-06 20:25:04 -08:00
parent 81bcf81042
commit e05dc4b5bd
2 changed files with 8 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
LICENSE
View File

@ -1,6 +1,6 @@
The MIT License (MIT) The MIT License (MIT)
Copyright (c) 2016-2019 Copyright (c) 2016-2019 drduh
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal

11
README.md
View File

@ -135,7 +135,11 @@ $ doas pkg_add gnupg pcsc-tools
**macOS** **macOS**
Download and install [Homebrew](https://brew.sh/) and the following Brew packages - `gnupg yubikey-personalization hopenpgp-tools ykman pinentry-mac` Download and install [Homebrew](https://brew.sh/) and the following Brew packages:
```console
brew install gnupg yubikey-personalization hopenpgp-tools ykman pinentry-mac
```
**Windows** **Windows**
@ -143,7 +147,6 @@ Download and install [Gpg4Win](https://www.gpg4win.org/) and [PuTTY](https://put
**Note** You may also need more recent versions of [yubikey-personalization](https://developers.yubico.com/yubikey-personalization/Releases/) and [yubico-c](https://developers.yubico.com/yubico-c/Releases/). **Note** You may also need more recent versions of [yubikey-personalization](https://developers.yubico.com/yubikey-personalization/Releases/) and [yubico-c](https://developers.yubico.com/yubico-c/Releases/).
## Entropy ## Entropy
Generating keys will require a lot of randomness. To check the available bits of entropy available on Linux: Generating keys will require a lot of randomness. To check the available bits of entropy available on Linux:
@ -1687,8 +1690,6 @@ And reload the SSH daemon (e.g., `sudo service sshd reload`).
- If you receive the error, `Key does not match the card's capability` - you likely need to use 2048 bit RSA key sizes. - If you receive the error, `Key does not match the card's capability` - you likely need to use 2048 bit RSA key sizes.
- If ssh authentication fails - add up to 3 `-v` flags to increase verbosity.
- If you receive the error, `sign_and_send_pubkey: signing failed: agent refused operation` - make sure you replaced `ssh-agent` with `gpg-agent` as noted above. - If you receive the error, `sign_and_send_pubkey: signing failed: agent refused operation` - make sure you replaced `ssh-agent` with `gpg-agent` as noted above.
- If you still receive the error, `sign_and_send_pubkey: signing failed: agent refused operation` - [run the command](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835394) `gpg-connect-agent updatestartuptty /bye` - If you still receive the error, `sign_and_send_pubkey: signing failed: agent refused operation` - [run the command](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=835394) `gpg-connect-agent updatestartuptty /bye`
@ -1699,6 +1700,8 @@ And reload the SSH daemon (e.g., `sudo service sshd reload`).
- If you receive the error, `Permission denied (publickey)`, increase ssh verbosity with the `-v` flag and ensure the public key from the card is being offered: `Offering public key: RSA SHA256:abcdefg... cardno:00060123456`. If it is, ensure you are connecting as the right user on the target system, rather than as the user on the local system. Otherwise, be sure `IdentitiesOnly` is not [enabled](https://github.com/FiloSottile/whosthere#how-do-i-stop-it) for this host. - If you receive the error, `Permission denied (publickey)`, increase ssh verbosity with the `-v` flag and ensure the public key from the card is being offered: `Offering public key: RSA SHA256:abcdefg... cardno:00060123456`. If it is, ensure you are connecting as the right user on the target system, rather than as the user on the local system. Otherwise, be sure `IdentitiesOnly` is not [enabled](https://github.com/FiloSottile/whosthere#how-do-i-stop-it) for this host.
- If SSH authentication stil fails - add up to 3 `-v` flags to increase verbosity.
- If you totally screw up, you can [reset the card](https://developers.yubico.com/ykneo-openpgp/ResetApplet.html). - If you totally screw up, you can [reset the card](https://developers.yubico.com/ykneo-openpgp/ResetApplet.html).
# Notes # Notes