OpenSSH support for FIDO RSA keys

Jan Schermer jan at
Thu Aug 19 19:25:03 AEST 2021

I would like to deploy FIDO for SSH. I wanted to leverage Windows Hello on Windows clients as FIDO backend (so that I don’t have to buy hw tokens for everyone and for convenience), but evidently my TPM flavor doesn’t support ECDSA, only RSA.

Would it be possible to extend OpenSSH support to include “rsa-sk” keys?

Not sure what the process is, but could development of it be sponsored?

Thank you

More information about the openssh-unix-dev mailing list