SSH keys on a YubiKey in a Chromebook

It’s pretty straightforward to use PGP keys on a YubiKey in a Chromebook for SSH:

• Acquire a YubiKey and create the necessary PGP keys. Here’s an example procedure.

• Go to the Chrome Web Store and install the Smart Card Connector app from Google.

• Go to the Chrome Web Store and install the Secure Shell Extension

• Launch the Smart Card Connector app and verify your YubiKey shows up in the “Smart Card readers” list.

• Launch the Secure Shell app. You should immediately see a prompt that says “The app ‘Secure Shell App’ is trying to acces the Smart Card Connector”. When you do, click “Allow”.

• In the Secure Shell app configure the connection to your target machine as you normally would, with one addition: set “SSH relay server options” to --ssh-agent=gsc

• Start the connection. You’ll be prompted to “Enter PIN to unlock key”; this is the PIN you set up previously for the OpenPGP app on your YubiKey.

• If you changed the setting to require a physical press of your YubiKey, tap the YubiKey.

• You should be logged in to your target machine.