# freebsd13 and yubikey bio for ssh



## mitchreward (Oct 10, 2022)

Hello, 

I'm struggling to configure my freebsd 13 to use the *ssh resident key* stored on a yubikey *bio*.

I can't find any good procedure to get it work. I've installed pscs daemon. But I can't load ssh identity in the ssh-agent.
I've also installed and tried yubikey-agent that doesn't detect the yubikey bio.
Anyone have a procedure or a minimal list of what to install/do ?

thanks


----------



## mitchreward (Oct 10, 2022)

to give more info, when I run a `ssh-add -K` I get:


```
Enter PIN for authenticator:
Provider "internal" returned failure -1
Unable to load resident keys: invalid format
```

and

```
ykman piv info
Error: Command 'piv' requires one of the following USB interfaces to be enabled: 'CCID'.

Use 'ykman config usb' to set the enabled USB interfaces.
```

and


```
ykman config usb -e PIV
PIV not supported over USB on this YubiKey
```

`fido2-token -L`
returns only if launched as root or sudo


----------



## mitchreward (Oct 11, 2022)

I got it working ! here is the summary for the community:


```
# need to install: 
sudo pkg install libfido2-1.11.0 u2f-devd
#make sure user can access the yubikey, not only root
# add your user into u2f group, (see permissions of /dev/uhid0 device)
pw group mod u2f -m {userNameHere}

# should list your yubikey(s):
fido2-token -L

# ssh security-key generation 
/usr/local/bin/ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519-sk -O resident -v
# load the identity in agent
ssh-add .ssh/id_ed25519-sk
Identity added: .ssh/id_ed25519-sk (mick@Freebi)
```

enjoy


----------

