ࢦ໲ೝূͰ SSHϩάΠϯ ҪᖒΏ͖Έͭ 2022೥12݄17೔ Kanazawa.rb meetup #124

ࣗݾ঺հ ➤ YouTuber ➤ My Outdoor Life (https://kanazawa.camp/) ➤ ത࢜(৘ใՊֶ) ➤ ΠϯλʔωοτΛ࢖ͬͨૄ݁߹෼ࢄγεςϜͷݚڀΛ͍ͯ͠·͢ ➤ גࣜձࣾΫϧ΢Οοτ औక໾COO ݉ ๺཮ࢧࣾ௕ ➤ Code for Kanazawa ཧࣄ ➤ ిࢠ޻࡞ͱφΠϑΛࣗ࡞͢Δͷ͕झຯͰ͢

YUBI KEYͱ͸ ➤ ೝূσόΠεͷҰछ ➤ ଟཁૉೝূͷͻͱͭͱͯ͠ར༻Մೳ ➤ ରԠϓϩτίϧ΋ଟ༷ ➤ FIDO2, U2F, PIV, OpenPGP , HOTP , TOTP , Yubico OTP

YUBIKEY BIOͱ͸ ➤ ରԠϓϩτίϧ ➤ FIDO U2F, FIDO2/WebAuthn(͏͐Ϳ͓ʔ͢Μ) ➤ ࢦ໲ೝূϢχοτ͖ͭ

ॳظηοτΞοϓ(WEB͔ͭ͏ฤ) ➤ yubico.com/setup/yubikey-bio-series/

No content

No content

No content

No content

No content

No content

➤ PINͱࢦ໲Λొ࿥Ͱ͖ͨ

SSHʹ͍ͭͯ ➤ OpenSSH8.2͔ΒFIDO/U2FʹରԠ ➤ ൿີ伴͕࿙Ӯͯ͠΋YubiKey͕ͳ͍ͱsshͰ͖ͳ͍ ➤ ཁૉ ➤ YubiKeyσόΠε ➤ ࢦ໲ ➤ ύεϑϨʔζ

SSHͷ伴ੜ੒Yukimitsu-no-iMac: izawa % ssh-keygen -t ed25519-sk Generating public/private ed25519-sk key pair. You may need to touch your authenticator to authorize key generation. Enter file in which to save the key (/Users/izawa/.ssh/id_ed25519_sk): ./abc Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in ./abc Your public key has been saved in ./abc.pub The key fingerprint is: SHA256:i6VKPEtPlunUwt4v8DnVzITGtoYyOobrZYe+2a9mbzQ izawa@Yukimitsu-no-iMac.local The key's randomart image is: +[ED25519-SK 256]-+ | | | | | . . | | = . | | S+ * | | . o+BE.+ + | | .O.%*o= | | .*+#oo* | | .oo*=*=++. | +----[SHA256]-----+ ~/Dropbox/勉強会資料 Yukimitsu-no-iMac: izawa % ls abc* abc abc.pub ύεϑϨʔζೖྗ

ϩάΠϯͯ͠ΈΔ ➤ ࣄલʹର৅αʔόͷauthorized_keysʹ௥Ճ͓ͯ͘͠ % ssh ssh-server.clwit.co.jp Confirm user presence for key ED25519-SK SHA256:e7hxJuLIsnTYF+OA7E1cidd(略 User presence confirmed Last login: Mon Dec 5 13:02:12 2022 from 100.100.88.170 izawa@ssh-server:~$ ͜͜Ͱࢦ໲ΛεΩϟϯ

YKMAN ίϚϯυʹ͍ͭͯ ➤ brewͰinstallͰ͖ΔYubiKeyૢ࡞༻ͷCLIίϚϯυ ➤ ࢦ໲ͷ௥Ճ΍ɺPINͷมߋͷ΄͔ɺYubiKeyશൠʹؔ͢Δૢ࡞͕Մೳ

·ͱΊ ➤ ଟཁૉೝূ༻ͷσόΠε΋͍Ζ͍Ζग़͍ͯ·͢ ➤ GitHub΋gitίϚϯυ Ͱ ssh ΞΫηε͢Δ৔߹ʹηΩϡϦςΟʔΩʔ͕࢖͑ΔΑ͏ʹ ͳΓ·ͨ͠ ➤ ௿ίετͰࢼͯ͠ΈΔ͜ͱ͕Ͱ͖ΔͷͰɺ༡ΜͰΈΔͱྑ͍͔΋͠Ε·ͤΜ