Hardware Touch, Stronger SSH

7 comments

• simon04 38 minutes ago

  Using a Token2 based id_ed25519_sk_rk key, I found very helpful to configure a different `pushurl` in `.git/config`. This allows to pull via HTTPS w/o a hardware touch.

      [remote "origin"]
              url = https://github.com/freeCodeCamp/devdocs.git
              pushurl = git@github.com:freeCodeCamp/devdocs.git

• antonkochubey 2 hours ago

  On Apple Silicon devices with macOS 26+, SSH keys can be natively stored in the Secure Enclave, protected via TouchID: https://news.ycombinator.com/item?id=46025721

  It only supports sk-ecdsa-sha2-nistp256 key format, however that is widely supported currently.

  [-]

  • XiS an hour ago

    Been using ed25519-sk with Yubikey for a few years now. Key is stored in KeepassXC and loaded in my SSH agent upon unlock.

    It makes my SSH key pretty portable across devices

  • Almondsetat an hour ago

    You can also do something similar with any computer that has a TPM. It's unfortunate that people don't really know about it, but I guess the tools available aren't that user friendly

    [-]

    • Foxboron 35 minutes ago

      > It's unfortunate that people don't really know about it, but I guess the tools available aren't that user friendly

      This is my cue.

      https://github.com/Foxboron/ssh-tpm-agent

• olivermuty 2 hours ago

  Filler pr jippo fluffer article aside, anyone tried to self host ubicloud lately? A year and a half ago it was super cumbersome, wondering if I should give it a new try now.

• sebazzz an hour ago

  SSH using GPG Yubikeys and git signing using GPG was quite a process to set up on Windows a few years ago. Not something I'd want or know how to repeat. Hopefully things have improved in the mean time.