top | item 30360285

(no title)

irl_ | 4 years ago

SSH keys authenticate you. They are an identity. You probably don't need more than one or two identities (maybe personal and work). You can just get a couple of YubiKeys and configure the OpenPGP applet, or the PIV applet, with an authentication key/certificate and use that for SSH. Take the token with you and you've got some pretty strong authentication.

More modern SSH servers will let you use U2F security keys in the same way, which are cheaper than the full YubiKey.

I've learned recently that YubiKey has really good documentation for how to set up their tokens to achieve different goals, it would be worth reading their docs if you're considering getting a hardware token for your keys.

discuss

No comments yet.