yubikey-agent is a seamless SSH agent specifically built for secure hardware tokens such as YubiKey (and other PIV tokens). It aims to replace the standard SSH agent with a version tailored for these security devices: the key is generated on the hardware token (so it can’t be extracted), every session requires a PIN and a physical touch, and the agent is resilient to unplugging, sleep/suspend, and restarts. Setup is simple, requiring one command and one environment variable, after which the agent just runs in the background. Because it is written in pure Go and leverages libraries like go-piv/piv-go and golang, it works across platforms and integrates cleanly into SSH workflows. For developers or administrators who prioritize hardware-based SSH key security, this tool lowers the friction of using secure tokens in day-to-day SSH workflows. It also supports modern best practices in SSH authentication and brings stronger guarantees of key security in a user-friendly interface.
Features
- SSH agent built around hardware security tokens (YubiKeys/PIV)
- One-command setup and a single environment variable to integrate
- Persistent, robust daemon that withstands unplugging and sleep/suspend
- Public key compatibility with standard SSH servers and services
- Private key generation on token, offline extraction impossible
- Built in Go for cross-platform deployment and ease of integration