Benjamin Schneider

Asked: 2021-12-13 03:34:13 +0800 CST2021-12-13 03:34:13 +0800 CST 2021-12-13 03:34:13 +0800 CST

Securing SSH access with YubiKey: ed25519-sk vs. pam_yubico

I just got some YubiKeys to secure my important accounts and am now wondering about the best way of securing access to some VPS boxes I have. Up until now, I have disabled password-based login and used SSH keys to connect to the servers.

As far as I can tell from some research, there are two ways to secure SSH access with a YubiKey:

Generating a ed25519-sk key pair which can only be used together with the YubiKey
Using the pam_yubico module on the server to only allow access with a regular SSH key and the YubiKey as a second factor

Is there any reason to prefer one of these over the other for security or convenience?

Securing SSH access with YubiKey: ed25519-sk vs. pam_yubico

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Securing SSH access with YubiKey: ed25519-sk vs. pam_yubico

0 Answers