[openssh-commits] [openssh] 02/15: upstream: clarify role of FIDO tokens in multi-factor
git+noreply at mindrot.org
git+noreply at mindrot.org
Wed May 27 21:55:01 AEST 2020
This is an automated email from the git hooks/post-receive script.
djm pushed a commit to branch master
in repository openssh.
commit 5a442cec92c0efd6fffb4af84bf99c70af248ef3
Author: djm at openbsd.org <djm at openbsd.org>
Date: Mon May 11 02:11:29 2020 +0000
upstream: clarify role of FIDO tokens in multi-factor
authentictation; mostly from Pedro Martelletto
OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac
---
PROTOCOL.u2f | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f
index 917e669c..fd4325b3 100644
--- a/PROTOCOL.u2f
+++ b/PROTOCOL.u2f
@@ -39,6 +39,13 @@ the key handle be supplied for each signature operation. U2F tokens
primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
standard specifies additional key types, including one based on Ed25519.
+Use of U2F security keys does not automatically imply multi-factor
+authentication. From sshd’s perspective, a security key constitutes a
+single factor of authentication, even if protected by a PIN or biometric
+authentication. To enable multi-factor authentication in ssh, please
+refer to the AuthenticationMethods option in sshd_config(5).
+
+
SSH U2F Key formats
-------------------
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list