[openssh-commits] [openssh] 01/02: upstream: SSH U2F keys can now be used as host keys. Fix a garden

git+noreply at mindrot.org git+noreply at mindrot.org
Sat Dec 21 13:22:13 AEDT 2019


This is an automated email from the git hooks/post-receive script.

djm pushed a commit to branch master
in repository openssh.

commit 416f15372bfb5be1709a0ad1d00ef5d8ebfb9e0e
Author: naddy at openbsd.org <naddy at openbsd.org>
Date:   Fri Dec 20 20:28:55 2019 +0000

    upstream: SSH U2F keys can now be used as host keys. Fix a garden
    
    path sentence. ok markus@
    
    OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
---
 PROTOCOL.u2f | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 066d0995..61b70d6e 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -37,7 +37,7 @@ hardware, thus requiring little on-device storage for an effectively
 unlimited number of supported keys. This drives the requirement that
 the key handle be supplied for each signature operation. U2F tokens
 primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
-standard specified additional key types include one based on Ed25519.
+standard specifies additional key types, including one based on Ed25519.
 
 SSH U2F Key formats
 -------------------
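Review bot: The context line "primarily use ECDSA signatures in the NIST-P256 field" is imprecise, because P-256 names a curve rather than a field. Since this hunk already rewrites the same sentence for grammar, consider changing it to "on the NIST P-256 curve" in the same pass. The new wording "specifies additional key types, including one based on Ed25519" reads correctly.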
@@ -49,10 +49,6 @@ OpenSSH integrates U2F as new key and corresponding certificate types:
 	sk-ssh-ed25519 at openssh.com
 	sk-ssh-ed25519-cert-v01 at openssh.com
 
-These key types are supported only for user authentication with the
-"publickey" method. They are not used for host-based user authentication
-or server host key authentication.
-
 While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
 keys require extra information in the public and private keys, and in
 the signature object itself. As such they cannot be made compatible with
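Review bot: The paragraph removed after the key type list stated two restrictions, "host-based user authentication" and "server host key authentication", but the commit message only says the keys can now be used as host keys. If host-based user authentication is still unsupported, keep a sentence saying so. Otherwise, replace the deleted text with a short positive statement of where these key types may be used, since the document now says nothing on the point. Separately, the retained line "While each uses ecdsa-sha256-nistp256 as the underlying signature primitive" follows directly after the sk-ssh-ed25519 entries, so "each" does not read accurately for the Ed25519 types and could be corrected in a follow-up.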

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

