Introduction: This guide walks you through importing your SSH private key to a YubiKey (PIV) for SSH authentication on your Mac.
Step 1: Install "yubico-piv-tool"
Install yubico-piv-tool on your Mac by running the following command:
brew install yubico-piv-tool
Step 2: Convert SSH Private Key to PEM Format
Convert your SSH private key to PEM format without a passphrase using the following command. The resulting file, ~/.ssh/id_rsa.pem, is an unencrypted copy of the private key.
openssl rsa -in ~/.ssh/id_rsa -outform pem > ~/.ssh/id_rsa.pem
Step 3: Import PEM File to YubiKey
Import the PEM file into your YubiKey with the following command:
yubico-piv-tool -s 9a -a import-key -i ~/.ssh/id_rsa.pem
Authentication to Remote Server with YubiKey
To authenticate with a remote server using your YubiKey, use the following SSH command (for other OS: https://developers.yubico.com/PGP/SSH_authentication):
ssh myhost -I /opt/homebrew/Cellar/yubico-piv-tool/2.3.1/lib/libykcs11.2.3.1.dylib
(Optional) Add Yubico-PIV (or other smart card) driver lib path to ssh configuration
Add the driver path to the file .ssh/config (https://ubuntu.com/server/docs/security-smart-cards-ssh). Then you don't need to specify the library path every time.
vim .ssh/config
PKCS11Provider /opt/homebrew/Cellar/yubico-piv-tool/2.3.1/lib/libykcs11.2.3.1.dylib
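
The Cellar path above contains the version number 2.3.1, so it changes when Homebrew upgrades the package. The following sketch of the optional configuration step is an added example, not part of the original guide: the hypothetical helpers find_ykcs11 and add_provider locate libykcs11 under a Homebrew prefix and append a PKCS11Provider entry scoped to one host alias, only once. It assumes Homebrew's usual layout, with an unversioned libykcs11.dylib symlink under <prefix>/lib.

```shell
#!/bin/sh
# Added example; find_ykcs11 and add_provider are hypothetical helper names.

# Print the libykcs11 path under a Homebrew prefix. The unversioned name
# is preferred (assumed Homebrew layout) because it survives upgrades;
# otherwise fall back to whatever versioned file sits in the Cellar.
find_ykcs11() {
    prefix=$1
    for cand in "$prefix/lib/libykcs11.dylib" "$prefix/lib/libykcs11.so"; do
        if [ -e "$cand" ]; then
            printf '%s\n' "$cand"
            return 0
        fi
    done
    found=$(find "$prefix/Cellar/yubico-piv-tool" -name 'libykcs11*.dylib' \
        2>/dev/null | sort | tail -n 1)
    [ -n "$found" ] && printf '%s\n' "$found"
}

# Append "Host <alias> / PKCS11Provider <lib>" to an ssh config file.
# Scoping to one host keeps the token from being offered to every server.
# Refuses a missing library and does nothing if the entry already exists.
add_provider() {
    cfg=$1 host=$2 lib=$3
    if [ ! -e "$lib" ]; then
        echo "no such library: $lib" >&2
        return 1
    fi
    mkdir -p "$(dirname "$cfg")"
    touch "$cfg" && chmod 600 "$cfg"
    if grep -qF "PKCS11Provider $lib" "$cfg"; then
        return 0
    fi
    # Appended at the end so the Host block captures no later options.
    printf '\nHost %s\n    PKCS11Provider %s\n' "$host" "$lib" >> "$cfg"
}

# Usage: sh this-script --apply myhost
if [ "${1:-}" = "--apply" ]; then
    lib=$(find_ykcs11 "$(brew --prefix)") || exit 1
    add_provider "$HOME/.ssh/config" "${2:?host alias required}" "$lib"
fi
```

ssh uses the first value it finds for each option, so an earlier PKCS11Provider line under a matching Host pattern takes precedence over the appended block.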