https://jamesog.net/tags/guide/ Recent content in guide on james(bl)og Hugo en-gb Sat, 28 Mar 2026 16:00:00 +0000 https://jamesog.net/2023/03/03/yubikey-as-an-ssh-certificate-authority/ Fri, 03 Mar 2023 16:00:00 +0000 https://jamesog.net/2023/03/03/yubikey-as-an-ssh-certificate-authority/ <p>This is a guide to setting up a YubiKey for use as an offline SSH certificate authority.</p> <p>This assumes a brand new YubiKey with no prior configuration on it, to be used solely as a CA.</p> <h2 id="why">Why?</h2> <p>Typically a CA should be on a secured, isolated machine. Using a dedicated YubiKey means you can isolate your CA and keep it in a drawer so that it can&rsquo;t be accessed. YubiKeys offer protections such as requiring a PIN and/or touching the key for <a href="https://developers.yubico.com/PIV/">PIV</a> operations.</p>