Posts

Showing posts from 2015

YubiKey Neo + Putty SSH + Windows

I have been using a YubiKey Neo to manage my OpenSSH key in a CCID at work. I have made it work in Ubuntu and MacOS with relative ease, but most of my colleagues are on Windows and wondered how this could be done on the M$ platform. So I decided to give it a shot and try it out on their newly released Windows 10 (or shall we call it WinOS X).

Step 0: Get YubiKey Neo configured as CCID

Of course you have to buy this hardware before we can even begin. Before your YubiKey appears as a CCID, you will need to use YubiKey Neo Manager to enable it. See the following screenshot. You cannot have a password for your YubiKey when you are changing the modes. If you do, you will have to delete that configuration with the YubiKey Personalization Tool. Make sure to exit the GUI applications before you start using the console later.

Step 1: Check if your YubiKey works.

You will need to have the gpg executable installed (Gpg4Win) to interact with your YubiKey.

C:\> gpg --card-edit
gpg: det

Securing your Ansible deployment on AWS

Lately I have been involved in a team which is developing software as micro-services. It is very interesting work and has helped me to get introduced to some interesting technologies such as AWS, Ansible and Docker in depth (and in practice). Ansible is a great deployment automation tool. It is written in Python, is declarative and agent-less (i.e. it just needs SSH access to your box). SSH itself is very secure if you use key-based authentication. But people tend to use it in a very insecure manner (i.e. they share SSH keys over email, don't delete old SSH keys once they are revoked, etc.). In my opinion the best solution to stop sharing of private keys is to generate them on a hardware token from which they cannot be (easily) copied. Fortunately I have access to a Yubico Neo, on which I managed to generate a public/private gpg key. The private key resides in your gpg card and the public key can be put on your Ansible target hosts. There are quite a few guides (Mac, Linux, Windows)