[PATCH] U2F support in OpenSSH

Michael Stapelberg stapelberg+openssh at google.com
Fri Feb 27 02:53:43 AEDT 2015

On Thu, Feb 26, 2015 at 7:33 AM, Peter Stuge <peter at stuge.se> wrote:

> Michael Stapelberg wrote:
> > At this point it should be obvious, but let me state that I don’t have
> > motivation/time to spend on this right now, given that upstream shows 0
> > interest in this at all :(
> What do you expect? It's a significant change, a seemingly convoluted
> specification and there was no discussion with upstream before
> embarking on the project.

I agree that it’s a significant change.

With regards to discussion with upstream: before my first post, I looked
for any sort of contributor guidelines on the openssh.org website and
couldn’t find anything. Without any guidelines to go on, my default
approach is to contact upstream by sending a patch, demonstrating the
feasibility of what I’m suggesting.

If this is not the way OpenSSH works, it’s worth documenting that somewhere
prominent, so that new contributors are made aware of that. GitHub for
example promotes a special file called CONTRIBUTING.md:

With regards to what I expect: regardless of how I initially contacted
upstream, I still think that not even getting as much as “Oh, I can imagine
we would like to eventually merge this, please give me a month to get back
to you” from upstream is very discouraging. I also want to point out that I
have sent my first initial request for comments on 2014-11-05, which by now
is almost 4 months ago. I do understand and acknowledge that we are all
busy people with little time, but from what I can tell upstream’s opinion
might as well be “this will never get in”, and then I’d just be wasting my

I hope what I just wrote makes some sense (if not, please ask for
clarifications!) and doesn’t offend any of the project members. I wrote it
with the best of intentions, and I really think that the OpenSSH project
should improve in such a situation as the one we’re talking about.

> > Hence, any help on this is welcome.
> FWIW, if u2f must not be the sole authentication then that should of
> course be checked by the code.
> //Peter
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

More information about the openssh-unix-dev mailing list