search for: oresident

Displaying 2 results from an estimated 2 matches for "oresident".

Did you mean: president
2019 Dec 31
2
u2f seed
When using openssh with a u2f key, you generate a key via: ssh-keygen -t ecdsa-sk Each time you run it, it gives a different key pair. (Randomly seeming). A differently generated key pair is not valid with the first's public key. All good so far, but you run into a problem if: You generate a keypair (A). You register your public key for (A) on a bunch of ssh servers. You take
2020 Jan 02
4
u2f seed
...ing support for these in OpenSSH last week. To use them, you'll need a FIDO2 token that support resident keys. You'll also need to set a PIN on the token, as retrieving the keys requires authentication. Once you've done this, you can generate a resident key by running "ssh-keygen -Oresident -t ecdsa-sk" (along with any other usual options). You'll get back a keypair that you can use exactly like any other, but you'll also be able to download it again from the token if you move it to another host. At present the only way I've implemented so far is via "ssh-add -O...