Yubikey: Difference between revisions
imported>Mic92 offline key generation |
imported>Aaronduino provide a full code sample for yubikey+ssh |
| Line 15: | Line 15: | ||
In order to manage OTP keys you can install the <code>yubioath-desktop</code> package in your profile. | In order to manage OTP keys you can install the <code>yubioath-desktop</code> package in your profile. | ||
This application will also both the udev rules as well as pcscd enabled. | This application will also both the udev rules as well as pcscd enabled. | ||
Based on [a guide](https://github.com/drduh/YubiKey-Guide) by [@drduh](https://github.com/drduh), the following should be sufficient for a yubikey usable for ssh: | |||
<syntaxHighlight lang=nix> | |||
services.pcscd.enable = true; | |||
services.udev.packages = [ pkgs.yubikey-personalization ]; | |||
environment.shellInit = '' | |||
export GPG_TTY="$(tty)" | |||
gpg-connect-agent /bye | |||
export SSH_AUTH_SOCK="/run/user/$UID/gnupg/S.gpg-agent.ssh" | |||
''; | |||
programs = { | |||
ssh.startAgent = false; | |||
gnupg.agent = { | |||
enable = true; | |||
enableSSHSupport = true; | |||
}; | |||
}; | |||
</syntaxHighlight> | |||
== Offline key generation == | == Offline key generation == | ||
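Review bot: The sentence introducing the added snippet uses Markdown link syntax (`[a guide](https://github.com/drduh/YubiKey-Guide)` and `[@drduh](https://github.com/drduh)`), which MediaWiki shows as literal brackets and parentheses; write them as external links, e.g. `[https://github.com/drduh/YubiKey-Guide a guide]`. In `environment.shellInit`, the `SSH_AUTH_SOCK` path is hardcoded as `/run/user/$UID/gnupg/S.gpg-agent.ssh`, and `$UID` is a bash/zsh variable that plain POSIX shells do not set, so the export can point at a nonexistent socket there; consider `export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"`. Since the block sets `ssh.startAgent = false` together with `gnupg.agent.enableSSHSupport = true`, a sentence saying that gpg-agent replaces ssh-agent here would help readers who already run ssh-agent. The unchanged line above the addition ("This application will also both the udev rules as well as pcscd enabled") is missing a verb and now sits directly before the new text, so it is worth fixing in the same edit.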