Site Map - skip to main content

Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes every weekday Monday through Friday.
This page was generated by The HPR Robot at

hpr4327 :: Chatting with Sgoti

Sgoti talks about SSH and Github.

<< First, < Previous, Next > Latest >>

Thumbnail of Some Guy On The Internet
Hosted by Some Guy On The Internet on Tuesday, 2025-03-04 is flagged as Explicit and is released under a CC-BY-SA license.
git, github, ssh, yubikey. (Be the first).

Listen in ogg, opus, or mp3 format. Play now:

Duration: 00:13:58
Download the transcription and subtitles.

general.

Chatting wth Sgoti

Sgoti talks about SSH and Github.

  • openbsd: PreferredAuthentications \

    • Specifies the order in which the client should try authentication methods. \

    • gssapi-with-mic,hostbased,publickey,keyboard-interactive,password


$ssh -Q HostKeyAlgorithms;


ssh-ed25519

ssh-ed25519-cert-v01@openssh.com

sk-ssh-ed25519@openssh.com

sk-ssh-ed25519-cert-v01@openssh.com

ssh-rsa

rsa-sha2-256

rsa-sha2-512

ssh-dss

ecdsa-sha2-nistp256

ecdsa-sha2-nistp384

ecdsa-sha2-nistp521

sk-ecdsa-sha2-nistp256@openssh.com

webauthn-sk-ecdsa-sha2-nistp256@openssh.com

ssh-rsa-cert-v01@openssh.com

rsa-sha2-256-cert-v01@openssh.com

rsa-sha2-512-cert-v01@openssh.com

ssh-dss-cert-v01@openssh.com

ecdsa-sha2-nistp256-cert-v01@openssh.com

ecdsa-sha2-nistp384-cert-v01@openssh.com

ecdsa-sha2-nistp521-cert-v01@openssh.com

sk-ecdsa-sha2-nistp256-cert-v01@openssh.com

  • openbsd: IdentitiesOnly \

    • Specifies that ssh(1) should only use the configured authentication identity and certificate files (either the default files, or those explicitly configured in the ssh_config files or passed on the ssh(1) command-line), even if ssh-agent(1) or a PKCS11Provider or SecurityKeyProvider offers more identities. The argument to this keyword must be yes or no (the default). This option is intended for situations where ssh-agent offers many different identities. \

Sample ssh config. \


#Github Primary Yubikey

Host github

   User git

   HostName github.com

   Port 22

   IdentityFile ~/.ssh/github-yubikey-0


#Github Secondary Yubikey

Host github

   User git

   HostName github.com

   Port 22

   IdentityFile ~/.ssh/github-yubikey-1


#Global properties.

Host *

   PubkeyAuthentication=yes

   PreferredAuthentications=publickey,keyboard-interactive

   PubkeyAcceptedAlgorithms=sk-ssh-ed25519@openssh.com,ssh-ed25519,rsa-sha2-512


#ssh-ed25519

#ssh-ed25519-cert-v01@openssh.com

#sk-ssh-ed25519@openssh.com

#sk-ssh-ed25519-cert-v01@openssh.com

#ssh-rsa


ssh-keygen -t ed25519-sk -C "user@domain.tld" -f ~/.ssh/github-yubikey-0;

ssh-keygen -t ed25519-sk -C "user@domain.tld" -f ~/.ssh/github-yubikey-1;

chmod --change =400 ~/.ssh/github*; #Owner only!

  • lawrencesystems: SSH with YubiKey FIDO U2F Authentication. \

  • yubico: YubiKey 5 Series \

  • github: Generating a new SSH key and adding it to the ssh-agent. \

EOF

Comments

Subscribe to the comments RSS feed.

Leave Comment

Note to Verbose Commenters
If you can't fit everything you want to say in the comment below then you really should record a response show instead.

Note to Spammers
All comments are moderated. All links are checked by humans. We strip out all html. Feel free to record a show about yourself, or your industry, or any other topic we may find interesting. We also check shows for spam :).

Provide feedback
Your Name/Handle:
Title:
Comment:
Anti Spam Question: What does the letter P in HPR stand for?
Are you a spammer?
Who is the host of this show?
What does HPR mean to you?