Re: Security of ssh across a LAN, public key versus password


 



Stuart Henderson wrote:

This is why I push for challenge/response tokens, not simply
cert authentication, and really wish that FIDO (such as yubikey)
was an option, but the discussions I've seen about supporting
that have not been encouraging.

hmm? That works pretty well in OpenSSH.

hmm, what I'm finding doesn't seem to use the FIDO challenge/response to the server, instead it looks like a public/private key that's unlocked with a touch, possibly storing the private key on the hardware dongle (but it seems like there's still a key you need to put on the client system).

Quoting from the yubikey website:
OpenSSH version 8.2p1 added support for FIDO hardware authenticators. FIDO devices are supported by the public key types “ecdsa-sk” and “ed25519-sk”, along with corresponding certificate types.

It then goes on to talk about generating the key with ssh-keygen.

I could easily be missing something about this.

David Lang
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



