Adding FIDO / WebAuthn to sshd

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



I was thinking that it might be interesting to add FIDO [1] / WebAuthn [2]
to sshd to enable users to login remotely using biometrics. (Note that
WebAuthn is currently being implemented in Windows 10 and Google Android,
so there will be a large number of clients that could support this
natively.) Unfortunately, the challenge / response scheme used by those
protocols doesn't fit well with PAM because PAM assumes that it is sending
a relatively small password prompt and receiving a relatively small
password back.

But a quick read through sshd.c shows that maybe I could have my own #ifdef
similar to USE_PAM to integrate FIDO / WebAuthn. My questions are:

1. Is that the right approach?
2. What are the guidelines around making a contribution like this and / or
would you guys be interested in this contribution?
3. Anyone want to help? :)

Thanks,
Adam

[1] https://fidoalliance.org/download/
[2] https://www.w3.org/TR/webauthn/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux