On Fri, 3 Jan 2020, David Lang wrote:

> On Fri, 3 Jan 2020, Christian Weisgerber wrote:
>
> > David Lang:
> >
> > > not supporting authentication from multiple machines seems to defeat the
> > > purpose of adding u2f support.
> >
> > It works just like other SSH key types. You have a private SSH key
> > and a public one, and you can copy the private key to multiple
> > machines or load it into ssh-agent and use agent forwarding.
> >
> > The only difference is that the private SSH key on its own is
> > insufficient and requires the cooperation of the FIDO/U2F authenticator.
>
> part of the value of u2f is that there is not anything that you need to
> install on every system.

Well, see what I said earlier about resident keys. If you have a FIDO2
token and generate a resident key then you don't need to pre-arrange
anything.

> As I said, Google has a modified sshd that they use with u2f keys that does
> not require anything be copied or stored on the client machine.

I'm fairly sure that this isn't the case. Can you point me at some
documentation of this?

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev