What does HackerNews think of yubikey-agent?

yubikey-agent is a seamless ssh-agent for YubiKeys.

Language: Go

An Opinionated Yubikey Set-Up Guide | Sep 2023
Might also want to check out https://github.com/FiloSottile/yubikey-agent as a very simple way to setup a yubi-key as an ssh-agent.
Show HN: ssh-tpm-agent – SSH agent for TPMs | Jul 2023
Expand Context ↕
The ; got included in the yubikey-agent URL: https://github.com/FiloSottile/yubikey-agent

Thanks for those pointers!
Secretive: Store SSH Keys in the Secure Enclave | Mar 2023
Expand Context ↕
Also check out https://github.com/FiloSottile/yubikey-agent which simplifies the setup quite a bit.
Cloudflare Hardware Keys (Yubico Partnership) | Oct 2022
Expand Context ↕
You can use PIV for SSH just fine.

It's not OpenSSH's weird FIDO mode, but I don't like the FIDO mode anyway because it requires storing a file on the computer.

https://github.com/FiloSottile/yubikey-agent
How to Store an SSH Key on a Yubikey | May 2022
https://github.com/FiloSottile/yubikey-agent has worked really well for me in the past.
Ask HN: CLI Tool for File Encryption? | Apr 2022
Expand Context ↕
https://github.com/FiloSottile/passage :)

That's exactly the use case I set out to replace for myself. I'll put together a guide at some point. The part I don't use and so can't really own is the mobile app, I would love a community solution there.

I am also planning to integrate https://github.com/FiloSottile/yubikey-agent which makes the SSH authentication part very easy, so that you only type your PIN once and it stays cached.
FreeBSD SSH Hardening | Sep 2021
Expand Context ↕
And you can use a Yubikey hardware key as a ecdsa-sha2-nistp384 secret store, without messing with PAM or needing custom key types or special files on the client host: https://github.com/FiloSottile/yubikey-agent
Security keys are now supported for SSH Git operations | May 2021
Finally! Was using https://github.com/FiloSottile/yubikey-agent before and now probably can migrate out of it since github was holding me back.
GnuPG 2.2.23 | Sep 2020
Expand Context ↕
I guess you can use https://github.com/FiloSottile/yubikey-agent to store an ssh key on a yubikey, and then use age to encrypt to the ssh key.

Getting minisign to sign using a key in a ubikey is not supported out of the box, but should be possible in the same way yubikey-agent works (after all, that's what it does when you authenticate an ssh session using a yubikey).

You can ask Filippo Valsorda.
How to use FIDO2 USB keys with SSH | Jun 2020
Expand Context ↕
Yubikeys work in PIV mode with openssh, it just requires the necessary module and some invocation dance with ssh-agent https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PK... or Filippo Valsordas yubikey-agent https://github.com/FiloSottile/yubikey-agent
Secretive – macOS native app to store SSH keys in the Secure Enclave | Jun 2020
I've been using a YubiKey device for SSH using yubikey-agent [0] and it's been great since it’s not possible to extract keys from hardware keys and the device is carried with me. The agent is also integrated with pinentry so it requires a pin code for the session.

[0] https://github.com/FiloSottile/yubikey-agent