by vladvasiliu 1485 days ago
> As of OpenSSH 8.2 (February 14, 2020) you are able to store an SSH private key on a yubikey! Here's how to do it.

Many systems still don't have OpenSSH 8.2 (Windows 11, older Debian stable, etc.). For those, another solution is to use the PGP applet of the YubiKey, which exposes a regular RSA key.

This guide has worked well for me: https://github.com/drduh/YubiKey-Guide

You can jump to the SSH sections if that's all you're after.

There's a missing piece for Windows, since the agent coming with WinGPG won't be reachable by SSH. Some guy on GitHub put out a workaround, but I can't find it right now.

--

edit: The workaround for Windows is this one: https://github.com/rupor-github/win-gpg-agent

4 comments

> older debian stable

A bit pedantic, but what's currently "Debian stable", Debian 11, has OpenSSH 8.4. The previous release, Debian 10, has OpenSSH 7.9, but it is no longer called stable (instead, it's sometimes called "oldstable").

> which exposes a regular RSA key

With newer YubiKeys you can also use ECC PGP keys:

> Support for Elliptic Curve Cryptographic Algorithms have been added to the YubiKey 5.2.3 and above firmware.

https://developers.yubico.com/PGP/YubiKey_5.2.3_Enhancements...

Another solution for Windows: the support is already there in the 8.9.1.0 beta release: https://github.com/PowerShell/Win32-OpenSSH/releases

You must then use the SSH installed within 'C:\Program Files\OpenSSH\ssh.exe' and not the builtin within system32.

Not to mention all the network appliances in the world.

While this only works for a subset, I'll stay with my RSA key in PIV mode on the YubiKey. Works great.