Easily Using SSH with FIDO2/U2F Hardware Security Keys

www.complete.org

cross-posted to:
lobsters@lemmy.bestiver.se

Easily Using SSH with FIDO2/U2F Hardware Security Keys

www.complete.org

Resident Pulser@infosec.pubB to

Pulse of Truth@infosec.pubEnglish · 1 month ago

cross-posted to:
lobsters@lemmy.bestiver.se

A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess). So does OpenSSH. This spells good news for us, because it is far easier to use than previous hardware security types (eg, PKCS#11 and OpenPGP) with ssh. A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.

Comments

You must log in or # to comment.

Chat

Pulse of Truth@infosec.pub

pulse_of_truth@infosec.pub

Create a post

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !pulse_of_truth@infosec.pub

Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and wont be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

Visibility: Public

This community can be federated to other instances and be posted/commented in by their users.

88 users / day
300 users / week
859 users / month
1.01K users / 6 months
1 local subscriber
1.23K subscribers
262 Posts
152 Comments
Modlog

mods:
krogoth@infosec.pub