On Sat, 2 Nov 2019, Jordan J wrote:

> I've had a patch on the bugzilla for a while related to U2F with
> support for a few additional settings such as providing a path to a
> specific key to use instead of the first one found

This would need to be implemented in the middleware library, either
the one in libfido/tools/sk-libfido2.c or another.

> and setting if user
> presence is required when using the key. Is there any objection to
> folding those parts in if appropriate?

That's possible already: at keygen time, the default is to require
user presence for signatures but you can override this by passing
the "-x 0" flag. This is currently undocumented, and I'll hopefully
soon get around to documenting it and making it accept a mnemonic
string instead of raw U2F flags.

At authentication time, I've got a patch almost ready to require
user presence that I hope to commit next week.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev