Yubico Forum

master key and subkey for slot2

Author:  valgenova [ Thu Sep 28, 2017 10:05 am ]
Post subject:  master key and subkey for slot2


I'm trying to configure my YubiKey 4 with a new master key and subkey, so that I can use the subkey for ssh authentication. Based on the docs, I need to run the command gpg --expert --gen-key. But first I need to know what configuration slots I'm setting up. The gpg2 --card-status doesn't say which configuration slot I'm setting up. The personalization tool doesn't show settings for sub-key.

My question is, how do I know which configuration slot I'm setting up, or is there a command to specifically say that I'm configuring slot2?

Hope you can help me.

Thanks in advance

Author:  techwg [ Thu Sep 28, 2017 12:07 pm ]
Post subject:  Re: master key and subkey for slot2

The OpenPGP system does not use slots. It uses the smartcard feature. I have Yubico OTP in slot 1, challenge-response in slot 2, my OpenPGP key, all the certificates listed on the PIV manager that are possible to add, and I have added about 6 of the, I think they are, OATH? The ones where normally I would open up my phone's Google Authenticator app to get the 6-digit code to do the 2-factor for a service that I am logging in to. All that is on a single YubiKey. Although I know how to use the OpenPGP, I added all the certificates that the PIV manager can make and I have not a single clue on how to make use of them haha.

Author:  valgenova [ Sat Sep 30, 2017 3:30 am ]
Post subject:  Re: master key and subkey for slot2


Thank you for the reply. I have stored the master and subkey in the YubiKey.
I have this information in my YubiKey when I run --card-status:

Authentication key: 1234 567Y 098U GH99 OM76 XXXX XXXX XXX1 XXX2 XXX3
created ....: 2017-09-28 10:33:58
General key info..: sub rsa4096/123456789 2017-09-28 valgenova (test) <myaddres@mydomain.com>
sec rsa4096/123456UI created: 2017-09-28 expires: 2019-09-28
ssb> rsa4096/098765YU created: 2017-09-28 expires: 2019-09-28

I have also generated my rsa_id.pub, with the output of the cardno in the id_rsa.pub, and uploaded it to the remote machine that I will be connecting to. When I uploaded the id_rsa.pub, I changed the cardno to my email address, as said in the forum. I then connected to that remote machine. I was able to connect with 2-step authentication, with the YubiKey for root login as the first authentication, and then ssh root login as the secondary authentication.

My question is on the authentication: how can I make the YubiKey for root login the only step to log in on the remote server, with my id_rsa.pub already uploaded on the remote machine?

Thank you in advance
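
Added example (not part of the thread and not any poster's code): the `--card-status` output above lists OpenPGP key slots (Signature, Encryption, Authentication), which are separate from the OTP configuration slots 1 and 2. This sketch parses a constructed sample of that output, with made-up fingerprints and hypothetical function names, and reports whether the Authentication slot that gpg-agent offers to ssh is populated.

```python
import re

# Constructed sample of `gpg --card-status` output; fingerprints are made up.
SAMPLE = """\
Reader ...........: Yubico Yubikey 4 OTP+U2F+CCID
Signature key ....: 1111 2222 3333 4444 5555  6666 7777 8888 9999 AAAA
      created ....: 2017-09-28 10:30:12
Encryption key....: [none]
Authentication key: BBBB CCCC DDDD EEEE FFFF  0000 1111 2222 3333 4444
      created ....: 2017-09-28 10:33:58
General key info..: sub  rsa4096/0123456789ABCDEF 2017-09-28 Example User <user@example.com>
"""

# The label is padded with dots to a fixed width, so allow any mix of spaces/dots.
KEY_LINE = re.compile(r"^(Signature|Encryption|Authentication) key[ .]*:\s*(.*)$")
CREATED_LINE = re.compile(r"^\s+created[ .]*:\s*(.*)$")


def parse_card_status(text):
    """Return {slot: {"fingerprint", "created"}} for the OpenPGP key slots found."""
    slots = {}
    current = None  # slot that a following indented "created" line belongs to
    for line in text.splitlines():
        key = KEY_LINE.match(line)
        created = CREATED_LINE.match(line)
        if key:
            current, value = key.group(1), key.group(2).strip()
            # An empty slot is printed as "[none]"; otherwise strip the grouping spaces.
            fpr = None if value in ("", "[none]") else re.sub(r"\s+", "", value)
            slots[current] = {"fingerprint": fpr, "created": None}
        elif created and current:
            slots[current]["created"] = created.group(1).strip()
        else:
            current = None
    return slots


def ssh_ready(slots):
    """True when the Authentication slot holds a key (the one gpg-agent offers to ssh)."""
    return bool(slots.get("Authentication", {}).get("fingerprint"))


if __name__ == "__main__":
    parsed = parse_card_status(SAMPLE)
    for name, info in parsed.items():
        print(f"{name:15} {info['fingerprint'] or 'empty'}")
    print("usable for SSH:", ssh_ready(parsed))
```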


Author:  Morthawt [ Sat Sep 30, 2017 9:12 pm ]
Post subject:  Re: master key and subkey for slot2

That, I do not know. (This is my old name I got control back over.) If it is not too complicated I would like to use my YubiKey to log in to my Linux VPS server via SSH using PuTTY. But from what I have come across, I think it is too much messing around for me. Unless I am wrong.

All times are UTC + 1 hour