I figured it’s time to write up the quickest guide about using the yubikey as the source of your ssh key. This assumes that:

  • You have a yubikey and it’s in your usb port
  • You’ve configured gpg on your machine (I’m running gpg (GnuPG) 2.2.7)
  • You’re using the gpg-agent with ssh support enabled

Here are the steps:

gpg --card-edit
> admin
> generate
> [enter the requested PIN]
> quit

And now you’re done. You can check whether the new ssh key gets pulled correctly from your yubikey by typing:

ssh-add -L

And you should see something like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2ooHO4NuRkjkOQ6zpl/P+RQwRibWd2EZStK61IX2RksD8m2PQKA4rpoYlbwR8tHqJYp+9hF3630ZhDBLqaN6wnLOzJ9tdAFg2QkR7uw/TlWh3/3kuDjzF8GatYIvfvnbtlX0FtVuz+rmUAeUswYpvRQKA5feX5Tf9M56IhttRtFbXZjNz5BNy8qkXD9FOTX4Ym0Zidgn6tl9EKKH4ctvK1/wTF4oSHEfyVwpKLqn/FI+0DIDi5Lx8cpFLnB4nJqj1WFe8o86yRVNWq5PehOJR3qSpllfx3fheUXePRNPrvYGyO5Ch9aikzuPoLZh4oq/TTqkfjcZLQvTv1Ai+qk8J cardno:000605308805

Now you can use this key, e.g. as your github key, and whenever you push/pull/clone you will need to insert the yubikey into your device.
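
To script the ssh-add -L check above, here is an added example (not part of the original guide) that separates card-backed keys from keys whose private half lives on disk. It assumes the cardno:<serial> comment format shown above; the function names and the sample agent output are constructed for illustration.

```shell
#!/bin/sh
# Usage against a live agent:  ssh-add -L | card_keys
#                              ssh-add -L | require_card_only || echo "non-card key loaded"

# Constructed sample of `ssh-add -L` output: one card key, one on-disk key.
# The base64 fields are shortened placeholders, not real key material.
sample_agent_output() {
    cat <<'EOF'
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABEXAMPLECARDKEY cardno:000605308805
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5EXAMPLEDISKKEY user@laptop
EOF
}

# Print "<card serial> <key type>" for every key the agent serves from a card.
# The key-type filter skips non-key lines such as "The agent has no identities."
card_keys() {
    awk '$1 ~ /^(ssh|ecdsa|sk)-/ && $3 ~ /^cardno:/ {
        sub(/^cardno:/, "", $3); print $3, $1 }'
}

# Print "<key type> <comment>" for keys that are not card-backed. These would
# still authenticate with the yubikey unplugged.
software_keys() {
    awk '$1 ~ /^(ssh|ecdsa|sk)-/ && $3 !~ /^cardno:/ {
        print $1, ($3 == "" ? "-" : $3) }'
}

# Succeed only if the agent offers at least one card key and no software key.
require_card_only() {
    input=$(cat)
    [ -n "$(printf '%s\n' "$input" | card_keys)" ] &&
    [ -z "$(printf '%s\n' "$input" | software_keys)" ]
}
```

If software_keys prints anything, that key can still be used without the yubikey present, so remove it from the agent if the goal is to require the device for every push/pull/clone.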