Use your YubiKey as your SSH key
Today I was following this guide and trying to put an SSH key on my YubiKey: https://ruimarinho.gitbooks.io/yubikey-handbook/content/ssh/authenticating-ssh-with-piv-and-pkcs11-client/
Unfortunately I ran into problems, and I’d like to share how to do it nowadays on macOS Catalina.
First of all, if you haven’t installed YubiKey Manager (not the YubiKey Personalization Tool), download it here https://developers.yubico.com/yubikey-manager-qt/Releases/yubikey-manager-qt-1.1.3-mac.pkg and install it. You will need to manually initialize your YubiKey, following this guide: https://ruimarinho.gitbooks.io/yubikey-handbook/content/device-initialization/
Next, install OpenSC on your Mac by running
brew install opensc
You will also need to fix the error
Could not add card “/usr/local/opt/opensc/lib/pkcs11/opensc-pkcs11.so”: agent refused operation
by running the following two commands, which copy the OpenSC PKCS#11 library to the whitelisted location of ssh-agent:
sudo rm /usr/local/lib/opensc-pkcs11.so
sudo cp /usr/local/Cellar/opensc/0.20.0/lib/opensc-pkcs11.so /usr/local/lib
Now you should use /usr/local/lib/opensc-pkcs11.so instead of /usr/local/opt/opensc/lib/pkcs11/opensc-pkcs11.so.
Follow the guide above and have fun with your new SSH key.
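
The copy is needed because ssh-agent resolves symlinks in the provider path before matching it against its allowlist (default /usr/lib/*,/usr/local/lib/*, see -P in ssh-agent(1)), so a symlink in /usr/local/lib that points into Homebrew's Cellar is still refused. The check below is an added example, not part of the original guide; the function names resolve_path and provider_allowed are made up for illustration, and negated (!) patterns are not handled.

```shell
#!/bin/sh
# Added example: would ssh-agent's PKCS#11 provider allowlist accept this path?

# Default allowlist documented for ssh-agent -P.
DEFAULT_ALLOWLIST='/usr/lib/*,/usr/local/lib/*'

# resolve_path FILE: print FILE's physical path, following symlinks.
# Portable stand-in for realpath(1), which may not be installed.
resolve_path() {
    p=$1
    hops=0
    while [ -L "$p" ]; do
        hops=$((hops + 1))
        [ "$hops" -le 40 ] || return 1          # give up on symlink loops
        target=$(readlink "$p") || return 1
        case $target in
            /*) p=$target ;;                    # absolute link target
            *)  p=$(dirname "$p")/$target ;;    # relative to the link's directory
        esac
    done
    dir=$(cd "$(dirname "$p")" 2>/dev/null && pwd -P) || return 1
    printf '%s/%s\n' "$dir" "$(basename "$p")"
}

# provider_allowed FILE [ALLOWLIST]: exit status 0 = resolved path matches a
# comma-separated pattern, 1 = outside the allowlist, 2 = file not found.
# The body runs in a subshell so the IFS and noglob changes do not leak.
provider_allowed() (
    real=$(resolve_path "$1") && [ -f "$real" ] || exit 2
    IFS=,
    set -f                                      # keep /usr/lib/* from globbing
    for pat in ${2:-$DEFAULT_ALLOWLIST}; do
        # In a case pattern "*" also matches "/", like ssh's own matcher.
        case $real in
            $pat) exit 0 ;;
        esac
    done
    exit 1
)

# Usage: sh check-provider.sh /usr/local/lib/opensc-pkcs11.so
if [ "$#" -ge 1 ]; then
    if provider_allowed "$1"; then echo "allowed: $1"; else echo "refused or missing: $1"; fi
fi
```

Run it again after a brew upgrade of opensc: the file in /usr/local/lib is a plain copy and does not follow the new Cellar version.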