Re: U2F support in OpenSSH HEAD

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Fri, 1 Nov 2019, Damien Miller wrote:

> Hi,
> 
> As of this morning, OpenSSH now has experimental U2F/FIDO support, with
> U2F being added as a new key type "sk-ecdsa-sha2-nistp256@xxxxxxxxxxx"
> or "ecdsa-sk" for short (the "sk" stands for "security key").

An update on this: I've just committed internal support for U2F/FIDO2
security keys to OpenSSH. If ./configure can find a compatible libfido2
then it will be used automatically, with no additional configuration
required in OpenSSH tools. You should use libfido2 HEAD for now until
they make their next release.

Practically, this means that you can just run "ssh-keygen -t ecdsa-sk"
and it will work without fiddling with middleware binaries, etc.

Please give this a try - security key support is a substantial change and
it really needs testing ahead of the next release.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux