Open gcurtis opened 8 years ago
Make everyone use SSH keys that are stored on Yubikeys?
(sadly, not practical)
This is actually pretty cool though. I didn't know you could store keys on a Yubikey.
As a side note, storing gpg keys on the yubikey and using gpg-agent's ssh-agent emulation seems to work better; as well as playing more nicely with gpg in general, it stops macOS from trying to tie the login account to it. Even if you've permanently opted your user out, macOS will sometimes give the prompt in the middle of an OS update process where keyboard and mouse drivers aren't available (you can get past that by removing the yubikey).
So to confirm this feels like a git enhancement and less a github since the client authorization would be at that level and I don't think Hub for the moment can influence that. Agreed there are other examples like Azure DevOps supporting conditional access on git client shows there may be an option to broker that possibly.
Enabling 2FA auth for the web interface is helpful, but it doesn't protect code being pushed via SSH/HTTPS or merged from a PR.