A step-by-step guide to setting up SSH authentication with a YubiKey 5.7 (or later version) and ED25519-SK keys on Windows 11.

Setting Up YubiKey for SSH on Windows 11
Prerequisites
- A YubiKey 5.7 (or later version) security key, with user PIN activated for FIDO2 functionality
- Git installed and a GitHub repo
- Admin rights for configuring system files
Step 1: Install YubiKey CLI and GUI Tools, set PIN for FIDO
YubiKey offers two management tools:
winget install Yubico.YubiKeyManagerCLI # Modern CLI tool: ykman
winget install Yubico.YubikeyManager # Deprecated Windows app (GUI)
In an admin terminal, set the FIDO2 PIN:
ykman fido access change-pin
Alternatively, set the PIN using the YubiKey Manager GUI.
Step 2: Configure GPG Agent for SSH Support
Locate and edit (or create if missing) the following configuration file:
$env:APPDATA\gnupg\gpg-agent.conf
Alternatively, it might be under the .gnupg directory. Add or update the file with:
# Enable SSH support through GPG agent
enable-ssh-support
enable-win32-openssh-support
enable-putty-support
# Cache settings
default-cache-ttl 600
max-cache-ttl 7200
default-cache-ttl-ssh 1800
max-cache-ttl-ssh 7200
# No effect since GnuPG 2.1, where the standard socket is always used
use-standard-socket
Step 3: Generate ED25519-SK SSH Key
Run the following command to generate an SSH key using the YubiKey:
ssh-keygen -t ed25519-sk -O resident -O verify-required -C "Your Comment"
To generate multiple credentials on the same security key:
ssh-keygen -t ed25519-sk -O resident -O application=ssh:Description -C "Your Comment"
Replace Description with a unique identifier, e.g., your email.
Step 4: Verify Credentials
With an elevated command prompt, check your stored credentials:
ykman fido credentials list
Example output:
Enter your PIN:
Credential ID  RP ID  Username  Display name
50f...         ssh:   openssh   openssh
Ensure that your SSH public key is added to your GitHub account.
Step 5: Test SSH Authentication
Test your SSH connection to GitHub:
ssh -i "C:\Users\User\.ssh\id_ed25519_sk" -T git@github.com
Expected output:
Confirm user presence for key ED25519-SK SHA256:J...
User presence confirmed
Hi username! You've successfully authenticated, but GitHub does not provide shell access.
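To tell which .pub file from Step 3 belongs to which credential, the public key line can be decoded: its application string is the RP ID listed in Step 4, and its SHA256 fingerprint is the value in the Step 5 prompt. This is an added example, not part of the original guide; it assumes the sk-ssh-ed25519@openssh.com layout (key type, 32-byte public key, application string), and the function names and sample key are constructed for illustration.

```python
import base64
import hashlib
import struct

SK_ED25519 = "sk-ssh-ed25519@openssh.com"


def _pack(field: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(field)) + field


def _read(blob: bytes, pos: int):
    """Read one length-prefixed field; reject lengths that overrun the blob."""
    if pos + 4 > len(blob):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", blob, pos)
    end = pos + 4 + n
    if end > len(blob):
        raise ValueError("field overruns key blob")
    return blob[pos + 4:end], end


def parse_sk_pubkey(line: str) -> dict:
    """Decode one line of an id_ed25519_sk.pub file."""
    parts = line.split(None, 2)
    if len(parts) < 2 or parts[0] != SK_ED25519:
        raise ValueError("not an sk-ssh-ed25519 public key line")
    blob = base64.b64decode(parts[1], validate=True)
    key_type, pos = _read(blob, 0)
    point, pos = _read(blob, pos)
    application, pos = _read(blob, pos)
    if key_type != SK_ED25519.encode() or len(point) != 32 or pos != len(blob):
        raise ValueError("malformed key blob")
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {
        "application": application.decode(),  # FIDO RP ID, as listed by ykman
        "fingerprint": "SHA256:" + digest,    # value shown in the ssh prompt
        "comment": parts[2].strip() if len(parts) > 2 else "",
    }


# Constructed sample: a dummy 32-byte public key, not a real credential.
_blob = _pack(SK_ED25519.encode()) + _pack(bytes(range(32))) + _pack(b"ssh:work@example.com")
SAMPLE_LINE = f"{SK_ED25519} {base64.b64encode(_blob).decode()} Your Comment"

if __name__ == "__main__":
    print(parse_sk_pubkey(SAMPLE_LINE))
```
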
Step 6: Configure Git for Signed Commits
Set up your repository for commit signing:
git config --local user.name "your_username"
git config --local user.email "your_username@users.noreply.github.com"
git config --local commit.gpgsign true
git config --local gpg.format ssh
git config --local user.signingkey "C:/Users/Username/.ssh/id_ed25519_sk"
Step 7: Update SSH Config File
Edit ~/.ssh/config to streamline authentication:
Host github.com
    User git
    Port 22
    IdentitiesOnly yes
    PreferredAuthentications publickey
    PasswordAuthentication no
    # Add your SSH key
    IdentityFile ~/.ssh/id_ed25519_sk
    # Additional identities
    IdentityFile ~/.ssh/id_ed25519.home
Step 8: Verify Git Authentication
Try pulling from your repository:
git pull
Expected output:
Confirm user presence for key ED25519-SK SHA256:...
User presence confirmed
Already up to date.
This guide ensures secure SSH authentication using a YubiKey on Windows.