Monday, December 16, 2024

Using a Physical Key for SSH, Git, and GitHub for More Security

Normally, when using SSH (including SSH with Git), you generate a private and public key. The public key is what you give to others (e.g. GitHub). The private key should be kept secure and not be shared with anyone. I don't like keeping my private keys on my laptop because mobile devices have a higher chance of being lost, stolen, or unknowingly accessed. One solution is to use a physical security key to store the private key, plugging it into the laptop when needed.

Setting this up requires a security key such as the YubiKey from Yubico. Then it is a matter of generating a key pair with SSH:

> ssh-keygen -t ecdsa-sk  # -t ed25519-sk is also an option but not always supported

This will generate the private key on the security key. The generated id_ecdsa_sk file in the SSH directory is just a reference to the security key instead of the normal private key. The id_ecdsa_sk.pub file is the public key that you would share. Whenever ssh needs to authenticate, the key will blink, and with a tap of the key you'll be good to go!

On each computer where you want to use the key, you'll need to copy the reference key file to the SSH directory.
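Before sharing a .pub file, you can decode it to confirm it really is a security-key public key. This is an added example, not part of the original post. It parses constructed sample lines laid out as OpenSSH encodes sk keys; the function names are hypothetical and the key material is dummy data.

```python
import base64
import struct

# Key types OpenSSH uses for FIDO/U2F security keys.
SK_TYPES = {"sk-ecdsa-sha2-nistp256@openssh.com", "sk-ssh-ed25519@openssh.com"}

def ssh_string(value: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + data."""
    return struct.pack(">I", len(value)) + value

def read_strings(blob: bytes) -> list:
    """Split a decoded key blob into its length-prefixed fields."""
    fields, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[offset:offset + length])
        offset += length
    return fields

def inspect_public_key(line: str) -> dict:
    """Classify one .pub line (no authorized_keys options prefix)."""
    key_type, b64 = line.split()[:2]
    fields = read_strings(base64.b64decode(b64))
    if fields[0].decode() != key_type:
        raise ValueError("key type label does not match the encoded blob")
    info = {"type": key_type, "hardware_backed": key_type in SK_TYPES}
    if info["hardware_backed"]:
        # In both sk layouts the last field is the FIDO application ("ssh:" by default).
        info["application"] = fields[-1].decode()
    return info

def make_sample_line(key_type: str, *fields: bytes) -> str:
    """Build a CONSTRUCTED key line with dummy key material (not a usable key)."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} constructed@example"

# Constructed samples: a security-key ECDSA key and an ordinary software key.
SAMPLE_SK = make_sample_line("sk-ecdsa-sha2-nistp256@openssh.com",
                             b"nistp256", b"\x04" + bytes(64), b"ssh:")
SAMPLE_SOFT = make_sample_line("ssh-ed25519", bytes(32))

if __name__ == "__main__":
    for sample in (SAMPLE_SK, SAMPLE_SOFT):
        print(inspect_public_key(sample))
```

To check a real key, pass the contents of your own id_ecdsa_sk.pub to inspect_public_key instead of the constructed samples.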


