u2f seed

Stuart Henderson stu at spacehopper.org
Sat Jan 4 03:38:12 AEDT 2020


On 2020/01/03 16:15, Fox, Kevin M wrote:
> How does a u2f website then authenticate the same user, with the same
> keyfob, on a different machine? If that actually works, then we should
> be able to use the same mechanism. Maybe it doesn't, and some people
> are going to be locked out of their account when their machine fails
> and they have to go to another one. Portability was one of the selling
> points of u2f though I thought. Maybe I'll try and dig up the u2f spec
> and see if there is any detail in it.

With a website, the site can store information that is passed back via
the client's browser to use as a key handle.

As said in James Bottomley's message and djm's reply, doing similar in
ssh is not possible without significantly changing the protocol:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2020-January/038092.html
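
The website flow described above, as an added example that is not part of the original message or of OpenSSH: the site stores the key handle and public key at registration and passes the handle back at login, so the fob works from any machine. The HMAC-based derivation of the private key from the handle is an assumed token design, and `Token`, `Register`, `Sign`, `SiteVerify` and the `example.test` origin are hypothetical names.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"math/big"
)

type Token struct{ secret []byte } // the key fob: its only state is one device secret

// derive rebuilds the per-site key: HMAC(secret, appID||handle) as a scalar (assumed design).
func (t Token) derive(appID string, handle []byte) *ecdsa.PrivateKey {
	m := hmac.New(sha256.New, t.secret)
	m.Write(append([]byte(appID), handle...))
	c := elliptic.P256()
	d := new(big.Int).SetBytes(m.Sum(nil))
	d.Mod(d, new(big.Int).Sub(c.Params().N, big.NewInt(1))).Add(d, big.NewInt(1)) // in [1, N-1]
	x, y := c.ScalarBaseMult(d.FillBytes(make([]byte, 32)))
	return &ecdsa.PrivateKey{PublicKey: ecdsa.PublicKey{Curve: c, X: x, Y: y}, D: d}
}

// Register returns what the site stores: an opaque key handle and a public key.
func (t Token) Register(appID string) ([]byte, *ecdsa.PublicKey) {
	handle := make([]byte, 32)
	rand.Read(handle)
	return handle, &t.derive(appID, handle).PublicKey
}

// Sign answers a challenge using the handle the site passed back via the browser.
func (t Token) Sign(appID string, handle, challenge []byte) ([]byte, error) {
	h := sha256.Sum256(append([]byte(appID), challenge...))
	return ecdsa.SignASN1(rand.Reader, t.derive(appID, handle), h[:])
}

// SiteVerify checks the signature against the public key stored at registration.
func SiteVerify(pub *ecdsa.PublicKey, appID string, challenge, sig []byte) bool {
	h := sha256.Sum256(append([]byte(appID), challenge...))
	return ecdsa.VerifyASN1(pub, h[:], sig)
}

func main() {
	fob, site := Token{secret: []byte("constructed device secret")}, "https://example.test"
	handle, pub := fob.Register(site) // the site stores both values; the machine stores nothing
	sig, _ := fob.Sign(site, handle, []byte("challenge"))
	fmt.Println("verified:", SiteVerify(pub, site, []byte("challenge"), sig))
}
```

Without the handle returned by the site, the fob cannot rebuild the matching key, which is the piece of state the thread is discussing.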


