<p>Git操作においてSecurity Keyが利用できる様になったとのことで試してみました。<br style="display:none">
<span class="embed-block zenn-embedded zenn-embedded-card"><iframe id="zenn-embedded__1f5ce1f0f08b2" src="https://embed.zenn.studio/card#zenn-embedded__1f5ce1f0f08b2" data-content="https%3A%2F%2Fgithub.blog%2F2021-05-10-security-keys-supported-ssh-git-operations%2F" frameborder="0" scrolling="no" loading="lazy"></iframe></span><a href="https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations/" style="display:none" target="_blank" rel="nofollow noopener noreferrer">https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations/</a></p>
<p>OpenSSH version 8.2以上で利用可能なので、必要に応じてopensshのバージョンを上げます。</p>
<div class="code-block-container"><pre><code>$ brew install openssh
</code></pre></div><p>以下の通りメールアドレスを指定してコマンドを実行します。</p>
<div class="code-block-container"><pre><code>$ ssh-keygen -t ecdsa-sk -C &lt;email address&gt; 
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter file in which to save the key (/path/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /path/.ssh/id_ecdsa_sk
Your public key has been saved in /path/.ssh/id_ecdsa_sk.pub
The key fingerprint is:
SHA256:&lt;finger print&gt; &lt;email address&gt; 
The key's randomart image is:
+-[ECDSA-SK 256]--+
|             ....|
|           . o. o|
|          o OE+.o|
|         . %.Xo =|
|        S o X.+*.|
|          ..oOBoo|
|         . o+X++ |
|          . + * .|
|           . o . |
+----[SHA256]-----+
</code></pre></div><p>PCに接続されているSecurity Keyを認識してUser Presenceが要求される。その後はパスフレーズの設定などを適宜実施します。</p>
<p><code>id_ecdsa_sk.pub</code>というファイル名で公開鍵が作成されているので、通常SSH鍵を登録するのと同様にGitHubに登録します。<br>
<img src="https://storage.googleapis.com/zenn-user-upload/e7qs8x50hq89fhnm061xlk8qkhok" alt loading="lazy" class="md-img"><br>
これでGitHub操作を実施する際に以下の通りSecurity Keyが要求されるようになります。<br>
<strong>失敗時</strong></p>
<div class="code-block-container"><pre><code>$ git clone git@github.com:github/secure_headers.git
Cloning into 'secure_headers'...
Confirm user presence for key ECDSA-SK SHA256:&lt;finger print&gt;
sign_and_send_pubkey: signing failed for ECDSA-SK "/path/.ssh/id_ecdsa_sk": invalid format
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.
</code></pre></div><p><strong>成功時</strong></p>
<div class="code-block-container"><pre><code>$ git clone git@github.com:github/secure_headers.git
Cloning into 'secure_headers'...
Confirm user presence for key ECDSA-SK SHA256:&lt;finger print&gt;
User presence confirmed
remote: Enumerating objects: 6687, done.
remote: Counting objects: 100% (335/335), done.
remote: Compressing objects: 100% (216/216), done.
remote: Total 6687 (delta 196), reused 227 (delta 118), pack-reused 6352
Receiving objects: 100% (6687/6687), 1.54 MiB | 2.85 MiB/s, done.
Resolving deltas: 100% (3671/3671), done.
</code></pre></div><h1 id="%E5%8F%82%E8%80%83">
<a class="header-anchor-link" href="#%E5%8F%82%E8%80%83" aria-hidden="true"></a> 参考</h1>
<ul>
<li><a href="https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations" target="_blank" rel="nofollow noopener noreferrer">https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations</a></li>
<li><a href="https://www.yubico.com/blog/github-now-supports-ssh-security-keys/" target="_blank" rel="nofollow noopener noreferrer">https://www.yubico.com/blog/github-now-supports-ssh-security-keys/</a></li>
</ul>


Security Keyを利用したSSH Git operationsを試してみた

Discussion