Hacker News
by veganjay 1486 days ago
Is there a way to show which SSH keys are loaded on the Yubikey? (It looks like you can store multiple)

Also, how can one remove the SSH keys from the Yubikey?

I've tried to find articles and SSH on the Yubikey gets very confusing as there seem to be so many techniques!

1 comments

In the blogpost they give an example of exactly that

    $ ssh-add -L
    sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKgGePSwpBuHUhrFCRLch9Usqi7L0fKtgTRnh6F/R+ruAAAABHNzaDo= cadey@shachi

Seems like the key is exposed as ssh agent.

Thanks - "ssh-add -L" talks to the ssh-agent and asks what keys are loaded. That shows all keys including keys from the yubikey and from the local filesystem.

I am looking for a command that shows what's on the yubikey.

From what I gather, if the command from the article is run: "ssh-keygen -t ed25519-sk -O resident", the key is stored in a FIDO2 slot.

If that's the case, my question is how to show what is in the FIDO2 slots and how to delete them?

Found it:

Install ykman: https://github.com/Yubico/yubikey-manager#linux

Show FIDO2 credentials:

    $ ykman fido credentials list
    ssh: 0000000000000000000000000000000000000000000000000000000000000000 openssh

Delete:

    $ ykman fido credentials delete CREDENTIAL
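
An added example, not part of the thread: decoding the `sk-ssh-ed25519@openssh.com` line from the `ssh-add -L` output above shows that the blob carries an application string (`ssh:` here), which is the FIDO2 relying-party ID and the same value that appears in the first column of the `ykman fido credentials list` output. The function names are hypothetical; the sample line is the one quoted in the thread.

```python
import base64
import struct

SK_ED25519 = "sk-ssh-ed25519@openssh.com"

# Key line copied from the `ssh-add -L` output quoted in the thread.
SAMPLE_LINE = (
    "sk-ssh-ed25519@openssh.com "
    "AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKgGePSwpBuHUhrFCRLch9Usqi7L"
    "0fKtgTRnh6F/R+ruAAAABHNzaDo= cadey@shachi"
)

def read_string(buf, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then data."""
    if offset + 4 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    end = offset + 4 + length
    if end > len(buf):
        raise ValueError("truncated string body")
    return buf[offset + 4:end], end

def parse_sk_ed25519(line):
    """Decode one sk-ssh-ed25519 public key line into its three blob fields."""
    fields = line.split(None, 2)
    if len(fields) < 2 or fields[0] != SK_ED25519:
        raise ValueError("not an sk-ssh-ed25519 public key line")
    blob = base64.b64decode(fields[1], validate=True)
    key_type, off = read_string(blob, 0)
    if key_type != SK_ED25519.encode():
        raise ValueError("key type inside blob does not match the line prefix")
    public_key, off = read_string(blob, off)
    application, off = read_string(blob, off)
    if off != len(blob) or len(public_key) != 32:
        raise ValueError("malformed sk-ssh-ed25519 blob")
    return {
        "public_key": public_key,
        "application": application.decode("utf-8"),
        "comment": fields[2].strip() if len(fields) > 2 else "",
    }

def fido_backed_keys(agent_output):
    """Return (application, comment) per sk-ssh-ed25519 key in `ssh-add -L` output."""
    parsed = [parse_sk_ed25519(l) for l in agent_output.splitlines()
              if l.split(None, 1)[:1] == [SK_ED25519]]
    return [(p["application"], p["comment"]) for p in parsed]
```

A key that shows up here is FIDO-backed but not necessarily resident: without `-O resident` the key handle lives in a file on disk, so the on-token listing from `ykman` remains the authoritative inventory.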