...
- YubiKey 4 or newer (needs to mention PIV or smartcard)
- Security keys will not work. These are generally FIDO only keys.
- Yubico Security Keys (blue)
- GitHub-branded security keys
- Security keys will not work. These are generally FIDO only keys.
- Latest version of OS
- YubiKey Manager
- Download direct from Yubico: https://www.yubico.com/support/download/yubikey-manager/#h-downloadsWindowshttps://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-latest-win64.exeYubiKey-Manager
- Windows
YubiKey-Manager - Windows x64 latest
Expand title SCCM Software Center
- Mac
- Linux
Considerations
- These docs are not the only way to accomplish the goal nor are YubiKeys the only way to accomplish password-less authentication however the further you deviate from these docs the less knowledge ITS has to assist you.
- The OS requires a lock on the YubiKey. If using multiple computers, even if a computer is virtual, multiple devices will be needed – one device per instance of the OS.
- A YubiKey can be passed through RDP session(s) (Windows only)
- Each device will have a different certificate. A certificate can, however, be used for access to both Linux and Windows servers.
- Expert mode: While a YubiKey (i.e. a Yubico device) is not required, the docs and process are assuming a YubiKey is being used. Any device that can securely generate and store keys in a way that can be cryptographically verified will work.
...