I see the PROTOCOL.u2f file defines a webauthn signature type

    string    "webauthn-sk-ecdsa-sha2-nistp256@xxxxxxxxxxx"
    string    ecdsa_signature
    byte      flags
    uint32    counter
    string    origin
    string    clientData
    string    extensions

and it is also listed as supported by my OpenSSH client and server

    $ ssh -V
    OpenSSH_8.5p1, OpenSSL 1.1.1k 25 Mar 2021

    $ ssh -Q sigs
    ...
    webauthn-sk-ecdsa-sha2-nistp256@xxxxxxxxxxx

    $ ssh -v localhost
    ...
    debug1: kex_input_ext_info: server-sig-algs=<...,webauthn-sk-ecdsa-sha2-nistp256@xxxxxxxxxxx>

I am very curious what this is for and am hoping someone could elaborate in case it might be useful to us?

If I try and limit my connection to it, it seems to imply there should be some corresponding key type

    $ ssh -v -o PubkeyAcceptedAlgorithms=webauthn-sk-ecdsa-sha2-nistp256@xxxxxxxxxxx localhost
    ...
    debug1: Skipping sk-ecdsa-sha2-nistp256@xxxxxxxxxxx key /home/tyson/.ssh/id_ecdsa_sk - corresponding algo not in PubkeyAcceptedAlgorithms
    ...

Is there anything that currently uses it? Is it to support an ssh client running on a server and proxying back the challenge to user via a web-browser? Part of certificates somehow?

Thanks! -Tyson

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
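
The signature layout quoted in the message above, decoded field by field in Python. This is an added example, not part of the original post and not OpenSSH's own code; the helper names and the sample blob are constructed here, and only the type-name prefix before '@' is checked because the domain is redacted on this page.

```python
import struct

# Only the part before '@' is matched: the domain is redacted on this page.
SIG_PREFIX = b"webauthn-sk-ecdsa-sha2-nistp256@"
class Reader:
    """Cursor over an SSH wire-format buffer (RFC 4251 data types)."""
    def __init__(self, buf):
        self.buf, self.pos = buf, 0

    def take(self, n):
        if n > len(self.buf) - self.pos:
            raise ValueError("truncated signature blob")
        self.pos += n
        return self.buf[self.pos - n:self.pos]

    def u32(self):
        return struct.unpack(">I", self.take(4))[0]

    def string(self):  # uint32 length followed by that many bytes
        return self.take(self.u32())

def ssh_string(data):
    return struct.pack(">I", len(data)) + data

def parse_webauthn_sig(blob):
    r = Reader(blob)
    name = r.string()
    if not name.startswith(SIG_PREFIX):
        raise ValueError("not a webauthn-sk-ecdsa signature")
    sig = {
        "type": name.decode("ascii"),
        "ecdsa_signature": r.string(),  # left opaque in this example
        "flags": r.take(1)[0],
        "counter": r.u32(),
        "origin": r.string().decode("utf-8"),
        "clientData": r.string(),
        "extensions": r.string(),
    }
    if r.pos != len(blob):
        raise ValueError("trailing bytes after extensions")
    return sig

def build_sample():
    # Constructed sample: placeholder domain, dummy signature bytes.
    return b"".join([
        ssh_string(SIG_PREFIX + b"example.invalid"),
        ssh_string(b"\x00" * 8), b"\x05", struct.pack(">I", 42),
        ssh_string(b"https://example.invalid"),
        ssh_string(b'{"type":"webauthn.get"}'), ssh_string(b"")])
```

Length-prefixed fields are bounds-checked before slicing, so a blob that is cut short or carries extra bytes after `extensions` is rejected rather than partially decoded.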