GeistHaus

Easily Using SSH with FIDO2/U2F Hardware Security Keys

complete.org

A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess). So does OpenSSH. This spells good news for us, because it is far easier to use with ssh than previous hardware security types (e.g., PKCS#11 and OpenPGP). A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.

2 pages link to this URL
conclusion: patch OpenSSH! · kivikakk.ee

John Goerzen’s Easily Using SSH with FIDO2/U2F Hardware Security Keys came up yesterday, and I thought it was a good time to fix my mess of private keys. I already own a YubiKey 5C Nano, which sits in my laptop at all times, as well as a 5C NFC, which I figured I could use hopefully with both my phone (NFC) and tablet (USB-C) for SSH when needed. The ideal was to drop all non-SK keys, and move to using agent forwarding exclusively when authenticating between hosts — rarely needed, but nice fo

How to Use SSH with FIDO2/U2F Security Keys