Easily Using SSH with FIDO2/U2F Hardware Security Keys

www.complete.org

cross-posted to:
pulse_of_truth@infosec.pub

Easily Using SSH with FIDO2/U2F Hardware Security Keys

www.complete.org

RSS Bot@lemmy.bestiver.seMB to Lobste.rs@lemmy.bestiver.seEnglish · 2 months ago

cross-posted to:
pulse_of_truth@infosec.pub

A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess). So does OpenSSH. This spells good news for us, because it is far easier to use than previous hardware security types (eg, PKCS#11 and OpenPGP) with ssh. A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.

Comments

You must log in or # to comment.

Chat

Lobste.rs@lemmy.bestiver.se

lobsters@lemmy.bestiver.se

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !lobsters@lemmy.bestiver.se

Community locked: only moderators can create posts. You can still comment on posts.

RSS Feed of lobste.rs

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

39 users / day
115 users / week
322 users / month
1.18K users / 6 months
1 local subscriber
208 subscribers
4.31K Posts
224 Comments
Modlog