noman-land 11 hours ago
You can add a gpg key and subkeys to a YubiKey and use gpg-agent instead of ssh-agent for ssh auth. When you commit or push, it asks you for a PIN for the YubiKey to unlock it.
larusso 10 hours ago
I store my ssh key in 1Password and use the 1Password ssh agent. This agent asks for access to the key(s) with Touch ID, either for each access or for each session, etc. One can also whitelist programs, but I think this all reduces the security.
larusso 10 hours ago
There is the FIDO feature, which means you don't need to hassle with gpg at all. You can even use an ssh key as a signing key to add another layer of security on the GitHub side by only allowing signed commits.
esseph 11 hours ago
You can put the ssh privkey on the YubiKey itself and protect it with a PIN. You can also just generate new ssh keys and protect them with a PIN.