Automatic FIDO2 key negotiation (request for comments)

James Bottomley James.Bottomley at
Mon Jul 27 02:34:04 AEST 2020

On Tue, 2020-07-21 at 14:47 +1000, Damien Miller wrote:
> On Mon, 20 Jul 2020, Jordan J wrote:
> > Firstly, would the following or some combination thereof be
> > possible or is there an obvious impediment. Secondly, if it proved
> > possible are the maintainers open to a patch providing it?
> > 
> > 1. Update the SSH ecdsa-sk public key type to contain the
> > key_handle and other relevant details (it doesn't contain sensitive
> > information or accessible key material so this is safe to do)
> > 2. Add a method to send a list of understood *-sk" publickeys from
> > authorized_keys to the client
> I'm not keen on making the public keys contain the key handle. IMO
> being able to offer some protection of the key handle on disk by
> setting a password on the key is valuable and we'd lose that if
> everything were public by default.

Your worry is that webauthn isn't true two factor because it's only
based on a thing you possess rather than both a thing you know and a
thing you possess?  I agree, I've always thought the ability to steal
someone's token was a big flaw in the scheme.  However, it is trivially
fixable: if you encrypt the fido key handle with a passphrase before
sending it to the remote then even if I steal your token, I still can't
use it to access your account because when the remote presents the
encrypted key handle I don't know the passphrase to decrypt it.

This double encryption scheme should work for openssh public keys
containing the key handle as well.  The only drawback is that to change
the passphrase you now have to change every public key in every account
you possess.


More information about the openssh-unix-dev mailing list