Alright let's clock in, it's 9:23 am.
I was excited last week to find out GitHub now supports SSH keys with FIDO or, err, Yubikeys (was it U2F keys?), anyways, here's the official post.
I can't say I am a huge advocate, however I do use the keys quite a bit for my most critical stuff.
I was introduced first to the standard by finding out about Google's Advanced Protection Program (more on that here). On the other hand and from experience, I can say it's a very promising authentication factor.
Back to business
According to GitHub, I just need to:
- Run `ssh-keygen -t ecdsa-sk -C <email address>` (note on the `-sk` there: that seems to instruct OpenSSH we're using an external key; which is cool and seamless).
- Finish setup by plugging and touching the key thingie
- Add my public key to GitHub
- Profit
Let's see if it's as easy as that!
Also by the way, I'm on macOS 🤠
...
Word of warning: You need OpenSSH 8.2 or newer to do this...
Got an error: `Key enrollment failed: invalid format`.
Gonna try plugging the key... Works!
Exporting the key to GitHub is easy too; just follow this.
And then finally just trying to clone a random repo would confirm if that worked...
It worked!
This is so easy I am astounded. Gonna tell my friends at work.
P.S.
This can be a big deal for security
Imagine for example a company wanting to enforce SSH security protocols for users accessing their corporate networks, but then an engineer uses a weak passphrase or none at all for their key.
Compromising that single private key can turn into a raging fire inside the company. With this, your private key never exits the physical USB drive, that's the reason it's so cool!
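The company scenario in this P.S. can be checked on the server side by auditing which key types a host accepts. The script below is an added example, not part of the original post or GitHub's instructions: the function names are made up for illustration and the sample entries use placeholder key blobs.

```shell
# Added example, not from the original post: flag authorized_keys entries that
# are not FIDO-backed ("sk-" key types) or that waive the touch requirement.
# Reads the file on stdin; exit status 1 means findings were printed.
audit_keys() {
    awk '
    # Split an entry into OPTS (may be empty) and TYPE. Options are
    # comma-separated and may contain spaces inside double quotes.
    function parse(line,   i, c, inq, f, rest) {
        OPTS = ""; inq = 0
        split(line, f, /[ \t]+/)
        if (f[1] ~ /^(sk-|ssh-|ecdsa-sha2-)/) { TYPE = f[1]; return }
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (inq && c == "\\") { i++; continue }  # skip escaped char
            if (c == "\"") { inq = !inq; continue }
            if (!inq && (c == " " || c == "\t")) break
        }
        OPTS = substr(line, 1, i - 1)
        rest = substr(line, i + 1)
        sub(/^[ \t]+/, "", rest)
        split(rest, f, /[ \t]+/)
        TYPE = f[1]
    }
    /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
    {
        sub(/^[ \t]+/, ""); parse($0)
        if (TYPE !~ /^sk-/) {
            print NR ": " TYPE " is not hardware-backed"; bad++
        } else if (("," OPTS ",") ~ /,no-touch-required,/) {
            print NR ": " TYPE " can be used without a touch"; bad++
        }
    }
    END { exit (bad > 0) }
    '
}

# Constructed sample entries; key blobs are placeholders, not real keys.
sample_keys() {
    cat <<'EOF'
# constructed authorized_keys sample
sk-ecdsa-sha2-nistp256@openssh.com AAAAplaceholder1 alice@laptop
ssh-rsa AAAAplaceholder2 bob@desktop
command="/usr/bin/backup --mode full",no-pty ssh-ed25519 AAAAplaceholder3 backup
no-touch-required sk-ssh-ed25519@openssh.com AAAAplaceholder4 ci@runner
EOF
}

sample_keys | audit_keys || true
```

On a real host the input would be something like `audit_keys < ~/.ssh/authorized_keys`; the numbers in the output are line numbers in that file.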
Anyways, clocking out; it's 10:21am and I even got a chance to take a snap of my FIDO key for the cover image. Sweet. Now back to Kingdom Hearts.
P.S. 2
^ Re Cover Picture: Bet most of your friends would be scared to share a pic of their private key, hah.
See you next time.