On Fri, 15 Nov 2019, Damien Miller wrote:

> On Fri, 1 Nov 2019, Damien Miller wrote:
>
> > Hi,
> >
> > As of this morning, OpenSSH now has experimental U2F/FIDO support, with
> > U2F being added as a new key type "sk-ecdsa-sha2-nistp256@xxxxxxxxxxx"
> > or "ecdsa-sk" for short (the "sk" stands for "security key").
>
> An update on this: I've just committed internal support for U2F/FIDO2
> security keys to OpenSSH. If ./configure can find a compatible libfido2
> then it will be used automatically, with no additional configuration
> required in OpenSSH tools. You should use libfido2 HEAD for now until
> they make their next release.
>
> Practically, this means that you can just run "ssh-keygen -t ecdsa-sk"
> and it will work without fiddling with middleware binaries, etc.
>
> Please give this a try - security key support is a substantial change and
> it really needs testing ahead of the next release.

One more note: you'll need to pass --with-security-key-builtin to configure
to enable the built-in security key support. If it finds the libraries
that it depends on then you should see something like:

    U2F/FIDO support: built-in

in configure's final summary.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev