Secure Shell, Standards, And The YubiKey

Yubico Team

Yubico Team

2 minute read

In new entries added recently to the white paper section of our website, we’re detailing Secure Shell options using a YubiKey, and emerging standards that combine to solve online identity challenges.

These white papers are a nice place to uncover some lesser-known YubiKey gems, learn a little more about our crypto strategy, or dive deeper into topics that offer leading-edge security choices.

Those who use their YubiKey NEO or NEO-n in conjunction with Secure Shell (SSH) love the feature, but it lives in the shadow of other, more popular, YubiKey NEO services.

For the uninitiated, you can use a YubiKey NEO with SSH to establish secure connections with remote servers.

Author Alessio di Mauro, a Yubico software engineer, explains what SSH is and why you want to use it with a YubiKey. There are many advantages to using a YubiKey with SSH. The private key is stored within the YubiKey’s secure element, and your master key stays safe as you use only an authentication subkey. In addition, if your YubiKey falls into rogue hands, the attacker only has three very slim chances to authenticate as you before the key locks down.

Once you configure your computer to use SSH keys from a YubiKey, you are set to use them with your personal server or with one of the many services that allow public key authentication such as GitHub or Bitbucket.

Alessio’s white paper takes you through all the benefits.

Also new to our white paper section is a peek at some interesting standards-based identity and authentication options fostered by the intersection of FIDO Universal 2nd Factor (U2F) and OpenID Connect. Each has its own important qualities, but also soft spots. Used together, they present new security possibilities that are explored by guest author Justin Richer, a standards advocate and consultant at Bespoke Engineering.

Also in the white paper section is Alessio’s original three-part crypto key length discussion now available as one document available for download (and sharing).

Our white paper section is a growing resource, so we hope you’ll visit now to learn more, and return in the future to find in-depth looks at a flourishing ecosystem that includes the YubiKey, FIDO U2F, security and the future of strong authentication.

Talk to our teamTalk to our team

Share this article:
  • Goodbye master passwords: Dashlane and Yubico enhance credential vault encryption and login with YubiKeysAt Authenticate 2025 this week, the world’s leading experts on modern authentication and securing digital identities gathered, to discuss the future of secure authentication and achieving usable security across the account lifecycle. The message was clear: the future of phishing-resistant authentication is using passkeys for encryption, and the gold standard is device-bound passkeys – YubiKeys. […]Read morecredential vault encryptioncredential vault loginDashlanepartnerpasskey encryptionPRF
  • Piloting Europe’s future ID: Passkeys securing digital walletsOver the last several years, passkeys have become ubiquitous. They are available on every mobile platform, in every leading browser, as part of all major enterprise IAM solutions, and in most major cloud services. Until wwWallet came along, the only place where passkeys hadn’t yet made an impact is in the rapidly developing world of […]Read moredigital identity walletspasskeysSIROSwwWallet
  • We’re excited for what’s to come – meet us in-person to find out whyIt’s been a busy year for our team, filled with exciting company and product updates aimed at better serving our customers and helping them achieve cyber resilience as AI-driven phishing threats continue evolving globally. Between industry award recognitions and key new executive leadership hires to lead Yubico to its next stage of growth and a […]Read more
  • FIPS certified vs. FIPS compliant: What’s the real difference?“Is your MFA solution FIPS compliant, or is it certified?”  This is a question we hear a lot, and for good reason. In industries where security and compliance are critical (especially in government contracts), understanding the difference between FIPS certified and FIPS compliant isn’t just semantics – it can mean the difference between meeting requirements […]Read moreFIPSNIST