On Thu, 2 Jan 2020, Fox, Kevin M wrote: > In the u2f protocol, my understanding is in the normal case, the web > browser seeds the keypair process with the hostname of the remote > server. In the case of ssh, the hostname is probably not what I would > want to do. But the u2f protocol seems to have a way to handle this. > It just needs to be exposed to the user. The content of the private > keyfile in ssh is generated somehow. Where is that done? The key generation is done solely by the token. There are several strings (challenge, application) that OpenSSH sends to the token that are inputs the the process, but I'd expect most tokens would have onboard CSPRNGs that they use the actually generate the keys. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev