u2f seed

When using OpenSSH with a U2F key, you generate a key via:
ssh-keygen -t ecdsa-sk

Each time you run it, it gives a different key pair (seemingly random).

A differently generated key pair is not valid with the first's public key.

All good so far, but you run into a problem if:

    You generate a keypair (A).
    You register your public key for (A) on a bunch of SSH servers.
    You take your FIDO2 key to a second client machine and try to log in to your servers.

It kind of defeats the purpose of being able to have a portable keyfob.

If there were a way to seed the generation phase manually, then the same seed could be used on each client machine so that the SSH public/private key doesn't have to be transferred along with the U2F keyfob?

Thanks,
Kevin
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


