u2f seed

Stuart Henderson stu at spacehopper.org
Sat Jan 4 03:38:12 AEDT 2020

On 2020/01/03 16:15, Fox, Kevin M wrote:
> How does a u2f website then authenticate the same user, with the same
> keyfob, on a different machine? If that actually works, then we should
> be able to use the same mechanism. Maybe it doesn't, and some people
> are going to be locked out of their account when their machine fails
> and they have to go to another one. portability was one of the selling
> points of u2f though I thought. Maybe I'll try and dig up the u2f spec
> and see if there is any detail in it.

With a website, the site can store information that is passed back via
the client's browser to use as a key handle.

As said in James Bottomley's message and djm's reply, doing similar in
ssh is not possible without significantly changing the protocol:


More information about the openssh-unix-dev mailing list