Last active
April 24, 2026 13:57
MacOS SSH config for secure keys (secure enclave + touchid, yubikey)
```
# to use a "tagged" config on the command line:
#   ssh -P <tagname> example.com
# to reuse the config in a Host block, add this stanza within the Host block:
#   Tag <tagname>
# see also https://man7.org/linux/man-pages/man5/ssh_config.5.html

# MacOS secure enclave + touchid
# see also https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf
# requires downloading key first, disable password (it needs touchid anyways)
#   ssh-keygen -K -w /usr/lib/ssh-keychain.dylib -N ""
# to use this tagged config: ssh -P touchid
#
Match tagged touchid
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ecdsa_sk_rk_touchid
    SecurityKeyProvider /usr/lib/ssh-keychain.dylib
    PreferredAuthentications publickey

# YUBIKEY config
# create keys: https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
# see also https://gist.github.com/jaybuidl/d42145c32adc48ba6ecc89f73c6bb0c9
# install libsk-libfido2
#   brew tap theseal/ssh-askpass
#   brew install michaelroosz/ssh/libsk-libfido2
# download keys
#   ssh-keygen -K -w /usr/local/lib/libsk-libfido2.dylib
# to use this tagged config: ssh -P yubi
#
Match tagged yubi
    IdentitiesOnly yes
    IdentityFile ~/.ssh/id_ed25519_sk_rk_YubiSSH
    SecurityKeyProvider /usr/local/lib/libsk-libfido2.dylib
    PreferredAuthentications publickey
```
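A tag name that matches no `Match tagged` block is not an error: the client simply keeps its defaults and may offer other keys. The following check is an added example, not part of the gist; it reads `ssh -G` output and confirms the hardware-key settings are the effective ones. The function names and both sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Usage (assumed invocation, using the gist's yubi tag):
#   ssh -G -P yubi example.com | check_tag_config \
#       id_ed25519_sk_rk_YubiSSH /usr/local/lib/libsk-libfido2.dylib
# Reads `ssh -G` output on stdin; $1 = key file name, $2 = provider path.
# Returns 0 only if the tagged block's settings are the effective ones.
check_tag_config() {
    awk -v key="$1" -v prov="$2" '
        $1 == "identitiesonly"           { only = $2 }
        $1 == "preferredauthentications" { auth = $2 }
        $1 == "securitykeyprovider"      { sk = $2 }
        $1 == "identityfile" {
            n++   # count every key the client would offer
            if (substr($2, length($2) - length(key) + 1) == key) hit++
        }
        END {
            bad = 0
            if (only != "yes")       { print "FAIL: IdentitiesOnly is not yes"; bad = 1 }
            if (auth != "publickey") { print "FAIL: PreferredAuthentications is " auth; bad = 1 }
            if (sk != prov)          { print "FAIL: SecurityKeyProvider is " sk; bad = 1 }
            if (n != 1 || hit != 1)  { print "FAIL: " n + 0 " identity file(s), expected only " key; bad = 1 }
            if (!bad) print "OK: tag settings in effect"
            exit bad
        }'
}

# Constructed sample: trimmed `ssh -G` output when the yubi tag matched.
sample_tagged() {
    cat <<'EOF'
host example.com
identitiesonly yes
preferredauthentications publickey
securitykeyprovider /usr/local/lib/libsk-libfido2.dylib
identityfile ~/.ssh/id_ed25519_sk_rk_YubiSSH
EOF
}

# Constructed sample: tag name mistyped, Match block never applied.
sample_untagged() {
    cat <<'EOF'
host example.com
identitiesonly no
securitykeyprovider internal
identityfile ~/.ssh/id_rsa
identityfile ~/.ssh/id_ecdsa
identityfile ~/.ssh/id_ed25519
EOF
}
```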