Hi,
This is a port of (originally) https://github.com/Yubico/libfido2
- but temporarily using my forked repository at
https://github.com/djm-google/libfido2 that has a couple of extra
pieces: OpenBSD support and a small extra library that OpenSSH can now
use to talk to U2F tokens. I have PRs pending for both of these so
I hope that I can point the port back to the upstream repository soon.
This port depends on the libcbor port that I sent a moment ago, and
all my caveats about being rusty wrt porting stuff apply.
ok?
If you're interested in using the new U2F support in OpenSSH and
you're running -current, then after installing this port and applying
patrick@'s uhid patch (on tech@) you should be able to do stuff like:

    $ # Tell OpenSSH to use this library to talk to U2F devices
    $ export SSH_SK_PROVIDER=/usr/local/lib/libsk-libfido2.so
    $ # Generate a key
    $ ssh-keygen -t ecdsa-sk
    $ cat ~/.ssh/id_ecdsa_sk.pub

From there you have a public key that you can use as normal on
(-current) sshd, i.e. copying it to ~/.ssh/authorized_keys, etc.
When you run ssh to log in, you must also ensure it gets either the
SSH_SK_PROVIDER environment variable or the equivalent
SecurityKeyProvider config item, and you must tap your key to authorise
the signature.
I'd very much like to hear your feedback
-d
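
An added example, not part of the original message or of OpenSSH: because the provider named by SSH_SK_PROVIDER or SecurityKeyProvider is a shared library that ssh loads, this sketch checks the path before emitting the per-host config item. The function names and the `myserver` host alias are hypothetical.

```sh
#!/bin/sh
# Added example: sanity-check a security key provider library before
# pointing OpenSSH at it, then print the matching ssh_config stanza.

# check_sk_provider PATH
# Returns 0 if PATH looks safe to use, otherwise:
#   1 = not an absolute path, 2 = not a regular file,
#   3 = group- or world-writable (anyone in that set could swap the code).
check_sk_provider() {
    p=$1
    case $p in
        /*) ;;
        *) echo "provider path must be absolute: $p" >&2; return 1 ;;
    esac
    if [ ! -f "$p" ]; then
        echo "provider library not found: $p" >&2
        return 2
    fi
    # -L: if the path is a symlink, judge the permissions of its target.
    if [ -n "$(find -L "$p" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "provider library is group- or world-writable: $p" >&2
        return 3
    fi
    return 0
}

# sk_provider_stanza HOST PATH
# Prints an ssh_config block that sets SecurityKeyProvider for HOST,
# but only if PATH passes check_sk_provider. HOST is an assumed alias.
sk_provider_stanza() {
    check_sk_provider "$2" || return $?
    printf 'Host %s\n    SecurityKeyProvider %s\n' "$1" "$2"
}

# Usage, with the library path from the message and a placeholder alias:
#   sk_provider_stanza myserver /usr/local/lib/libsk-libfido2.so >> ~/.ssh/config
```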