u2f seed
Damien Miller
djm at mindrot.org
Mon Jan 6 13:30:41 AEDT 2020
On Fri, 3 Jan 2020, David Lang wrote:
> On Fri, 3 Jan 2020, Christian Weisgerber wrote:
>
> > David Lang:
> >
> > > not supporting authentication from multiple machines seems to defeat the
> > > purpose of adding u2f support.
> >
> > It works just like other SSH key types. You have a private SSH key
> > and a public one, and you can copy the private key to multiple
> > machines or load it into ssh-agent and use agent forwarding.
> >
> > The only difference is that the private SSH key on its own is
> > insufficient and requires the cooperation of the FIDO/U2F authenticator.
>
> part of the value of u2f is that there is not anything that you need to
> install on every system.
Well, see what I said earlier about resident keys. If you have a FIDO2 token
and generate a resident key then you don't need to pre-arrange anything.
> As I said, Google has a modified sshd that they use with u2f keys that does
> not require anything be copied or stored on the client machine.
I'm fairly sure that this isn't the case. Can you point me at some
documentation of this?
-d
More information about the openssh-unix-dev
mailing list