指紋認証でsshログイン

Transcript

1. ࢦ໲ೝূͰ SSHϩάΠϯ ҪᖒΏ͖Έͭ 2022೥12݄17೔ Kanazawa.rb meetup #124

2. ࣗݾ঺հ ➤ YouTuber ➤ My Outdoor Life (https://kanazawa.camp/) ➤ ത࢜(৘ใՊֶ)

   ➤ ΠϯλʔωοτΛ࢖ͬͨૄ݁߹෼ࢄγεςϜͷݚڀΛ͍ͯ͠·͢ ➤ גࣜձࣾΫϧ΢Οοτ औక໾COO ݉ ๺཮ࢧࣾ௕ ➤ Code for Kanazawa ཧࣄ ➤ ిࢠ޻࡞ͱφΠϑΛࣗ࡞͢Δͷ͕झຯͰ͢

3. YUBI KEYͱ͸ ➤ ೝূσόΠεͷҰछ ➤ ଟཁૉೝূͷͻͱͭͱͯ͠ར༻Մೳ ➤ ରԠϓϩτίϧ΋ଟ༷ ➤ FIDO2,

   U2F, PIV, OpenPGP , HOTP , TOTP , Yubico OTP

4. YUBIKEY BIOͱ͸ ➤ ରԠϓϩτίϧ ➤ FIDO U2F, FIDO2/WebAuthn(͏͐Ϳ͓ʔ͢Μ) ➤ ࢦ໲ೝূϢχοτ͖ͭ

5. ॳظηοτΞοϓ(WEB͔ͭ͏ฤ) ➤ yubico.com/setup/yubikey-bio-series/

6. None
7. None
8. None
9. None
10. None
11. None

12. ➤ PINͱࢦ໲Λొ࿥Ͱ͖ͨ

13. SSHʹ͍ͭͯ ➤ OpenSSH8.2͔ΒFIDO/U2FʹରԠ ➤ ൿີ伴͕࿙Ӯͯ͠΋YubiKey͕ͳ͍ͱsshͰ͖ͳ͍ ➤ ཁૉ ➤ YubiKeyσόΠε ➤

    ࢦ໲ ➤ ύεϑϨʔζ

14. SSHͷ伴ੜ੒Yukimitsu-no-iMac: izawa % ssh-keygen -t ed25519-sk Generating public/private ed25519-sk key

    pair. You may need to touch your authenticator to authorize key generation. Enter file in which to save the key (/Users/izawa/.ssh/id_ed25519_sk): ./abc Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in ./abc Your public key has been saved in ./abc.pub The key fingerprint is: SHA256:i6VKPEtPlunUwt4v8DnVzITGtoYyOobrZYe+2a9mbzQ [email protected] The key's randomart image is: +[ED25519-SK 256]-+ | | | | | . . | | = . | | S+ * | | . o+BE.+ + | | .O.%*o= | | .*+#oo* | | .oo*=*=++. | +----[SHA256]-----+ ~/Dropbox/勉強会資料 Yukimitsu-no-iMac: izawa % ls abc* abc abc.pub ύεϑϨʔζೖྗ

15. ϩάΠϯͯ͠ΈΔ ➤ ࣄલʹର৅αʔόͷauthorized_keysʹ௥Ճ͓ͯ͘͠ % ssh ssh-server.clwit.co.jp Confirm user presence for

    key ED25519-SK SHA256:e7hxJuLIsnTYF+OA7E1cidd(略 User presence confirmed Last login: Mon Dec 5 13:02:12 2022 from 100.100.88.170 izawa@ssh-server:~$ ͜͜Ͱࢦ໲ΛεΩϟϯ

16. YKMAN ίϚϯυʹ͍ͭͯ ➤ brewͰinstallͰ͖ΔYubiKeyૢ࡞༻ͷCLIίϚϯυ ➤ ࢦ໲ͷ௥Ճ΍ɺPINͷมߋͷ΄͔ɺYubiKeyશൠʹؔ͢Δૢ࡞͕Մೳ

17. ·ͱΊ ➤ ଟཁૉೝূ༻ͷσόΠε΋͍Ζ͍Ζग़͍ͯ·͢ ➤ GitHub΋gitίϚϯυ Ͱ ssh ΞΫηε͢Δ৔߹ʹηΩϡϦςΟʔΩʔ͕࢖͑ΔΑ͏ʹ ͳΓ·ͨ͠ ➤

    ௿ίετͰࢼͯ͠ΈΔ͜ͱ͕Ͱ͖ΔͷͰɺ༡ΜͰΈΔͱྑ͍͔΋͠Ε·ͤΜ