Ross L Richardson:
> Question: Given that the private key file contains only a "key handle",
> what's the significance of setting a passphrase for it? Is there enough
> information in it for that to be considered a "factor" in multi-factor auth?
TL;DR: In practice, yes.
A U2F authenticator does

On Fri, Nov 15, 2019 at 08:45:23AM +1100, Damien Miller wrote:
> Hi,
>[...]
> Please test this thoroughly - it's a big change that we want to have
> stable before the next release.
>
> -d
>
Works well for me with an old (ECDSA-SK-only) Yubico Security Key.
Observation: I guess it's unavoidable,

On Fri, 15 Nov 2019 08:45:23 +1100 (AEDT), Damien Miller wrote:
> Please test this thoroughly - it's a big change that we want to have
> stable before the next release.
Tested with a Solo key. Initially it had the firmware 2.0.0 and it
didn't work but updating to 3.0.0 made it work.
Cheers,
Dan

Testing as requested on amd64:
OpenBSD 6.6-current (GENERIC.MP) #467: Fri Nov 15 11:40:42 MST 2019
Using:
uhidev0 at uhub0 port 4 configuration 1 interface 0 "Yubico Security
Key by Yubico" rev 2.00/4.27 addr 7
Auth is working great with the key plugged in. With the key missing
the error reporting

Hi,
I just committed all the dependencies for OpenSSH security key (U2F)
support to base and tweaked OpenSSH to use them directly. This means
there will be no additional configuration hoops to jump through to use
U2F/FIDO2 security keys.
Hardware backed keys can be generated using "ssh-keygen -t