Using Yubikey for SSH on OpenSuse Tumbleweed

OpenSuse Tumbleweed comes mostly ready for use with a YubiKey (assuming you have already configured your YubiKey).
All you need is a few simple configuration steps:

  1. Create .gnupg directory under your home directory and cd into it
    mkdir -p ~/.gnupg && cd $_

  2. Create gpg-agent.conf to store the required gpg-agent settings
    vim gpg-agent.conf

  3. Tell gpg-agent which tty, SSH_AUTH_SOCK, and program to use to ask for the PIN by adding the following configuration to gpg-agent.conf and saving the file:
    # gpg-agent will only set the SSH_AUTH_SOCK variable if this flag is set
    enable-ssh-support
    # Use the tty set in the $GPG_TTY environment variable
    ttyname $GPG_TTY
    # Use this program to ask for the PIN
    pinentry-program /usr/bin/pinentry-curses

  4. Tell your shell (bash, zsh etc.) to set SSH_AUTH_SOCK and GPG_TTY for gpg-agent to use, and to launch gpg-agent if it's not already started, by adding the following to your shell's rc file (~/.bashrc for bash, ~/.zshrc for zsh):
    export GPG_TTY="$(tty)"
    export SSH_AUTH_SOCK="$(gpgconf --list-dirs agent-ssh-socket)"
    gpg-connect-agent updatestartuptty /bye > /dev/null

  5. Open a new shell to make sure the new rc file is loaded, and then run
    ssh git@github.com
    If you have added your public key to your GitHub account, a prompt will pop up in the shell and ask for your PIN:
    [Screenshot: OpenPGP prompt asking for the PIN through the pinentry program]

And upon successful login to GitHub, you'll see a welcome message:

[Screenshot: GitHub welcome message]
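
If the PIN prompt never appears, the usual cause is one of the pieces configured above being missing. The following shell functions are an added example, not part of the original post, that check gpg-agent.conf, the permissions on ~/.gnupg, and SSH_AUTH_SOCK; the function names and the script name are made up for this example.

```shell
#!/bin/sh
# Added example, not from the original post; function names are made up.

# Succeeds if option $2 is an active (uncommented) line in config file $1.
conf_has_option() {
    awk -v opt="$2" '$1 == opt { found = 1 } END { exit !found }' "$1"
}

# Succeeds if directory $1 grants nothing to group/other (gpg warns otherwise).
homedir_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Reads `ssh-add -L` output on stdin and counts card-backed keys, which
# gpg-agent lists with a "cardno:" comment in the third field.
count_card_keys() {
    awk '$3 ~ /^cardno:/ { n++ } END { print n + 0 }'
}

# check_setup HOMEDIR EXPECTED_SOCK ACTUAL_SOCK
# Prints one line per problem; exit status is the number of problems.
check_setup() {
    problems=0
    conf="$1/gpg-agent.conf"
    if [ ! -f "$conf" ]; then
        echo "missing $conf"; problems=$((problems + 1))
    else
        for opt in enable-ssh-support pinentry-program; do
            conf_has_option "$conf" "$opt" ||
                { echo "$opt not set in $conf"; problems=$((problems + 1)); }
        done
    fi
    homedir_private "$1" ||
        { echo "$1 is accessible to group/other"; problems=$((problems + 1)); }
    [ -n "$3" ] && [ "$2" = "$3" ] ||
        { echo "SSH_AUTH_SOCK is '$3', expected '$2'"; problems=$((problems + 1)); }
    return "$problems"
}

# Live check against the real agent: sh check-yubikey-ssh.sh --live
if [ "${1:-}" = "--live" ]; then
    check_setup "$HOME/.gnupg" "$(gpgconf --list-dirs agent-ssh-socket)" \
        "${SSH_AUTH_SOCK:-}" && ssh-add -L | count_card_keys
fi
```

With `--live`, a final count of 0 means the agent is reachable but is not offering a key from the card, so the YubiKey is either not plugged in or has no authentication key loaded.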