u2f seed

James Bottomley James.Bottomley at HansenPartnership.com
Fri Jan 3 12:51:28 AEDT 2020

On Thu, 2020-01-02 at 23:35 +0000, Fox, Kevin M wrote:
> From my understanding, somehow a website talking through the web
> browser is able to get the same keypair used no matter which computer
> the keyfob is plugged into.

That's right ... there wouldn't be much use to the token otherwise.

> I'm wondering if we can use the same mechanism there. If application
> is part of the process, maybe allowing the application to be
> specified by the user rather than being randomly generated by openssh
> would be enough?

To operate like a website, you need the two stage registration then
login/authentication process.

When you register with a U2F CTAP token, the registration info that
must be stored by the remote website includes a 'key handle'.  In most
of the implementations, the key handle is, in fact, a wrapped key which
can be unwrapped by the token.  So on Login (or Authentication in the
FIDO speak), the website presents the key handle and some parameters
(including origin information) which are validated and if the
validation passes, the token unwraps the key handle to get the website
unique key and signs the challenge combined with a key or token unique
counter and returns the signature and the counter value, which is used
by the remote site to verify the login.

To get this to work with ssh, you need something that corresponds to
the data that is stored on registration.  My understanding of the way
ssh works is that we don't really have that ... the server expects you
to sign a challenge which it then compares with your remote public key.
 There's nothing the remote server initially passes back to the local
that would allow the U2F token to use as a key handle ... at least not
without significantly altering the current protocol.
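
The registration and authentication flow described in the message above, as an added example that is not part of the original post or of OpenSSH: a token that keeps only a device secret and a counter, with the site-unique key carried inside the key handle the site stores and sends back. The XOR-with-HMAC wrap and the HMAC used in place of the token's ECDSA signature are simplifying assumptions (so the site holds the same key rather than a public key), and names such as `Token` and `site_verify` are hypothetical.

```python
import hashlib, hmac, os

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def app_param(app_id: str) -> bytes:
    """Application parameter: SHA-256 of the application identity (origin)."""
    return hashlib.sha256(app_id.encode()).digest()

def signed_data(app: bytes, counter: int, challenge: bytes) -> bytes:
    # Simplified layout: real U2F also signs a user-presence byte.
    return app + counter.to_bytes(4, "big") + challenge

class Token:
    """Holds one device secret and a counter; per-site keys live in key handles."""
    def __init__(self) -> None:
        self._secret = os.urandom(32)
        self.counter = 0

    def _pad(self, nonce: bytes) -> bytes:
        return _mac(self._secret, b"enc" + nonce)
    def _tag(self, app: bytes, nonce: bytes, ct: bytes) -> bytes:
        return _mac(self._secret, b"tag" + app + nonce + ct)

    def register(self, app: bytes):
        """Create a site-unique key; return (key_handle, verification_key)."""
        site_key, nonce = os.urandom(32), os.urandom(16)
        ct = bytes(a ^ b for a, b in zip(site_key, self._pad(nonce)))
        # The tag covers the application parameter, binding the handle to it.
        return nonce + ct + self._tag(app, nonce, ct), site_key

    def authenticate(self, app: bytes, key_handle: bytes, challenge: bytes):
        """Validate and unwrap the key handle, then sign challenge + counter."""
        nonce, ct, tag = key_handle[:16], key_handle[16:48], key_handle[48:]
        if not hmac.compare_digest(tag, self._tag(app, nonce, ct)):
            raise ValueError("key handle not valid for this token and application")
        site_key = bytes(a ^ b for a, b in zip(ct, self._pad(nonce)))
        self.counter += 1
        return self.counter, _mac(site_key, signed_data(app, self.counter, challenge))

def site_verify(app, verify_key, challenge, counter, sig, last_counter) -> bool:
    """Relying-party check: signature matches and the counter moved forward."""
    expected = _mac(verify_key, signed_data(app, counter, challenge))
    return counter > last_counter and hmac.compare_digest(sig, expected)

if __name__ == "__main__":
    token, app, challenge = Token(), app_param("https://site.example"), os.urandom(32)
    handle, vkey = token.register(app)                     # site stores handle + key
    ctr, sig = token.authenticate(app, handle, challenge)  # site sends handle back
    print(site_verify(app, vkey, challenge, ctr, sig, last_counter=0))
```

The token can only sign after the site hands the stored key handle back, which is the step the message says the current ssh exchange has no counterpart for.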


More information about the openssh-unix-dev mailing list