search for: work_ed25519_sk

Displaying 2 results from an estimated 2 matches for "work_ed25519_sk".

2024 Oct 21
1
Security of ssh across a LAN, public key versus password
...tiple sk keys, eg you might want a different key per job. You do need to export part of the private key onto the client node: `ssh-keygen -K` covers this. Then a typical workflow for me involves signing some other key which will be used for certificate authentication: ``` ssh-keygen -s ~/.ssh/sk/work_ed25519_sk -I tim@<localhost> -n work -V -5m:+8h ~/.ssh/certkeys/work_ed25519 ``` That creates a cert which will be valid for eight hours. The remote servers are configured to accept certs signed by my yubikey together with the principal name of "work". The benefit of this approach is the ce...
2024 Oct 21
2
Security of ssh across a LAN, public key versus password
Stuart Henderson wrote: >> This is why I push for challenge/response tokens, not simply >> cert authentication, and really wish that FIDO (such as yubikey) >> was an option, but the discussions I've seen about suporting >> that have not been encouraging. > > hmm? That works pretty well in OpenSSH. hmm, what I'm finding doesn't seem to use the FIDO