OpenSSH and U2F

mike tancsa mike at sentex.net
Tue Jan 5 21:57:04 UTC 2021


Hi all,

    I am trying to get my Yubi Key working on FreeBSD like I do on MacOS
and OpenSSH.  On it, its super easy to generate and use the key as 2FA auth.

On the MAC and Linux, all I need to do is

ssh-keygen -t ecdsa-sk

to generate the key pair. I then copy over the public key and am then
able to ssh to another host using the key pair with just a tap of the
Yubico key.

e.g

https://cryptsus.com/blog/how-to-configure-openssh-with-yubikey-security-keys-u2f-otp-authentication-ed25519-sk-ecdsa-sk-on-ubuntu-18.04.html

shows it on Linux which is the same as on my MAC.

On FreeBSD, I need to enter a PIN via the security/yubikey-agent.  Plus
I need to have QT / and some Xlibs installed as I am prompted for a PIN
via PINENTRY.  Is there a way to do it so that I just touch the key as
opposed to having to use the PIN ?  I would even prefer PIN and
physically touching the key if possible as opposed to JUST the PIN

    ---Mike




More information about the freebsd-questions mailing list