On Fri, 1 Nov 2019, Damien Miller wrote: > Hi, > > As of this morning, OpenSSH now has experimental U2F/FIDO support, with > U2F being added as a new key type "sk-ecdsa-sha2-nistp256@xxxxxxxxxxx" > or "ecdsa-sk" for short (the "sk" stands for "security key"). An update on this: I've just committed internal support for U2F/FIDO2 security keys to OpenSSH. If ./configure can find a compatible libfido2 then it will be used automatically, with no additional configuration required in OpenSSH tools. You should use libfido2 HEAD for now until they make their next release. Practically, this means that you can just run "ssh-keygen -t ecdsa-sk" and it will work without fiddling with middleware binaries, etc. Please give this a try - security key support is a substantial change and it really needs testing ahead of the next release. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
