Github account reconfigure for SSH and YubiKey

[deric4]

GitHub keeps bugging me to do something with my 2FA by next month even though I have TOTP set up via 1Password... not sure what thats about

https://github.blog/2023-03-09-raising-the-bar-for-software-security-github-2fa-begins-march-13/

Since I don't have any keys associated with my account and been doing everything in the browser or codespaces (see #1 ), lets go ahead and see how painful it is to setup:

• [ ] SSH authentication key
• [ ] SSH Signing Key
• [ ] GPG Key? I wanted to try an ssh only config because I don't want to have to install GPGTools for mac just to sign/verify commits.... but quick look at the docs... may not be possible?

Its stupid, but not seeing verified commits in browser bugs the shit out of me.

Having git log not complain about the signed commits via ssh might be tough... i dunno.

Last time I checked https://github.com/<user>.keys doesn't return the public key for your signing key.... keyyyyyyyyyy

Doing all this with a YubiKey just cuz i feel like doin it on x-Games mode.

This is gonna hurt....

[deric4]

Last time I checked https://github.com/<user>.keys doesn't return the public key for your signing key.... keyyyyyyyyyy

Turns out https://api.github.com/users/<user>/ssh_signing_keys allows unauth reqs and returns:

[
  {
    "id": 4824,
    "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINgSkZH+gOrwgVpHODgi+qgnDVviHrGY1Pg4Cf4j8i0A",
    "title": "test",
    "created_at": "2022-09-01T18:36:53.357Z"
  }
]