...
- YubiKey 4 or newer (needs to mention PIV or smartcard)
- Security keys will not work. These are generally FIDO-only keys.
- Yubico Security Keys (blue)
- GitHub-branded security keys
- Latest version of OS
- YubiKey Manager
- Download direct from Yubico: YubiKey-Manager
- Windows
- SCCM Software Center (Preferred Method): YubiKey-Manager - Windows x64 latest
- Mac
- Linux
Requesting a YubiKey
- Fill out the following Google form
- round 2 Yubikey signup sheet - Google Sheets
- Pick up at INS-1130
Considerations
- These docs are not the only way to accomplish the goal, nor are YubiKeys the only way to accomplish password-less authentication. However, the further you deviate from these docs, the less knowledge ITS has to assist you.
- The OS requires a lock on the YubiKey. If using multiple computers, even if a computer is virtual, multiple devices will be needed – one device per instance of the OS.
- A YubiKey can be passed through RDP session(s) (Windows only)
- Each device will have a different certificate. A certificate can, however, be used for access to both Linux and Windows servers.
- Expert mode: While a YubiKey (i.e. a Yubico device) is not required, the docs and process assume a YubiKey is being used. Any device that can securely generate and store keys in a way that can be cryptographically verified will work.
Process Overview
I. Initialize/Configure YubiKey Certificate Enrollment
II. Determine which certificate to use
III. Submit certificate for verification
IV. Configure clients to use certificates
V. Next steps
I.
...
II. Determine which certificate to use
Note: The following is a suggested determination of which certificate process to follow. If you feel comfortable deviating, feel free to do so.
...
Certificate Enrollment
II. YubiKey Smartcard Setup via Self-Signed Certificate (YubiKey Manager)
...
II. Submit certificate for verification
...
III. Configure clients to use certificates
Windows: III. YubiKey Windows SSH Client Configuration
Mac: III. YubiKey Mac SSH Client Configuration
Linux: III. YubiKey Linux SSH Client Configuration
...
IV. Next steps
YubiKey Duo Setup - start.rit.edu/Duo
...