DataDog / Yubikey

Licence: mit
YubiKey at Datadog


Summary

GPG is useful for authenticating yourself over SSH and / or GPG-signing your git commits / tags. However, without hardware like the YubiKey, you would typically keep your GPG private subkeys in "plain view" on your machine, even if encrypted. That is, attackers who personally target you [1, 2, 3, 4] and compromise your machine can exfiltrate your (encrypted) private key and your passphrase in order to pretend to be you.

Instead, this setup lets you store your private subkeys on your YubiKey. Actually, it gives you much stronger guarantees: you cannot authenticate over SSH and / or sign GPG commits / tags without: (1) your YubiKey plugged in and operational, (2) your YubiKey PIN, and (3) touching your YubiKey. So, even if there is malware trying to get you to sign, encrypt, or authenticate something, you would almost certainly notice, because your YubiKey will flash, asking for your attention. (There is the "time of check to time of use" issue, but that is out of our scope.)

Estimated burden and prerequisites

About 2-3 hours. 15 minutes could save you 15% or more on cybersecurity insurance.

You will need macOS with Homebrew / Ubuntu / Archlinux, a password manager, and a YubiKey 5.

U2F

STRONGLY recommended: configure U2F for GitHub and Google.

GPG

Please read and follow all of the instructions carefully.

$ ./gpg.sh

(Protip: set TEMPDIR=1 when preparing YubiKey for someone else to avoid polluting your default GPG homedir.)

git

STRONGLY RECOMMENDED: signing your git commits and tags.

You must first set up GPG.

Then, to sign git commits and tags for a particular repository:

$ ./git.sh /path/to/git/repository

Or, to sign git commits and tags for all repositories:

$ ./git.sh
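
A check to run once signing is enabled, added here as an example and not taken from the DataDog scripts. It assumes signing is driven by git's standard `commit.gpgsign` and `user.signingkey` settings (this page does not show what `git.sh` sets); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a repository for signing configuration and for
# commits that do not carry a good GPG signature.

# List commits in a revision range whose signature status is not "G".
# git's %G? codes: G good, U good with unknown validity, N no signature,
# B bad, E cannot be checked (e.g. missing public key), X expired
# signature, Y expired key, R revoked key.
# Usage: unsigned_commits <repo> [<revision range>]
unsigned_commits() {
    repo=$1
    range=${2:-HEAD}
    git -C "$repo" log --format='%H %G?' "$range" |
        while read -r hash status; do
            case $status in
                G) ;;                                   # good signature: skip
                *) printf '%s %s\n' "$hash" "$status" ;; # everything else: report
            esac
        done
}

# Show the effective signing settings for a repository (local config
# first, then global/system), printing "unset" where nothing is set.
# Usage: signing_config <repo>
signing_config() {
    repo=$1
    sign=$(git -C "$repo" config --get commit.gpgsign || echo unset)
    key=$(git -C "$repo" config --get user.signingkey || echo unset)
    printf 'commit.gpgsign=%s user.signingkey=%s\n' "$sign" "$key"
}
```

Checking signatures requires the signer's public key in the local keyring; without it, signed commits are reported with status `E`.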

SSH

NOT recommended unless you plan to use your GPG authentication subkey as your only SSH authentication key.

You must have first set up GPG. Then:

$ ./ssh.sh

Reset

If you need to reset YubiKeys, you may use the following script. The script looks for every plugged YubiKey, and shows a menu to reset one specific key, or all of them. Please read and follow all of the instructions carefully. YOU WILL NOT BE ABLE TO RETRIEVE KEYS/DATA FROM THE YUBIKEY AFTER COMPLETION.

$ ./reset.sh

Troubleshooting

Go here for troubleshooting common issues such as unblocking a blocked card, error when pulling or pushing with git over SSH, and rebasing with git.

Optional

Go here for support on optional bits such as Keybase, VMware Fusion, Docker Content Trust, signing for different git repositories with different keys, and configuring a computer to use an already configured YubiKey.

References

  1. YubiKey Handbook

  2. A Git Horror Story: Repository Integrity With Signed Commits

  3. Welp, there go my Git signatures

  4. [Bitcoin-development] PSA: Please sign your git commits
