Displaying 20 results from an estimated 5000 matches similar to: "help wanted: update ssh-askpass programs for new U2F / prompt hints"
2019 Nov 20
2
help wanted: update ssh-askpass programs for new U2F / prompt hints
My website has fallen off the web. This is a good time for someone else to take over the code for x11-ssh-askpass, as I've not done anything with it for years. I have the original code somewhere if needed, but I think Debian has mirrored it for some time.
--
jim knoble
> On Nov 18, 2019, at 01:49, Jakub Jelen <jjelen at redhat.com> wrote:
>
>> On Mon, 2019-11-18 at 16:19
2011 Feb 24
1
ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
I just opened a bug report about this, but i thought i'd bring it to the
group if anyone has any concerns about the idea:
https://bugzilla.mindrot.org/show_bug.cgi?id=1871
currently, ssh-askpass is used in some situations to actually ask the
user for a passphrase.
in other situations, it is used to prompt for simple confirmation (e.g.
ControlMaster=ask, ssh-add -c).
Providing the exact
2011 Feb 24
3
[Bug 1871] New: ssh-askpass should be able to distinguish between a prompt for confirmation and a prompt for an actual passphrase
https://bugzilla.mindrot.org/show_bug.cgi?id=1871
Summary: ssh-askpass should be able to distinguish between a
prompt for confirmation and a prompt for an actual
passphrase
Product: Portable OpenSSH
Version: 5.8p1
Platform: All
OS/Version: All
Status: NEW
Severity: normal
2019 Nov 01
10
U2F support in OpenSSH HEAD
Hi,
As of this morning, OpenSSH now has experimental U2F/FIDO support, with
U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com"
or "ecdsa-sk" for short (the "sk" stands for "security key").
If you're not familiar with U2F, this is an open standard for making
inexpensive hardware security tokens. These are easily the cheapest way
2020 Jan 03
2
u2f seed
On Fri, 3 Jan 2020, Christian Weisgerber wrote:
> David Lang:
>
>> not supporting authentication from multiple machines seems to defeat the
>> purpose of adding u2f support.
>
> It works just like other SSH key types. You have a private SSH key
> and a public one, and you can copy the private key to multiple
> machines or load it into ssh-agent and use agent
2014 Nov 05
2
[PATCH] Early request for comments: U2F authentication
Hey,
Recently, the FIDO alliance announced U2F [1], and Google announced
that it supports U2F tokens (?security keys?) for Google accounts [2].
As the spec is not a very short read, I gave a presentation last week
about U2F which may be a good quick introduction to the details [3].
For the rest of this mail, I?ll assume that you read either my
presentation or the spec, but feel free to post any
2020 Jan 02
4
u2f seed
In the u2f protocol, my understanding is in the normal case, the web browser seeds the keypair process with the hostname of the remote server. In the case of ssh, the hostname is probably not what I would want to do. But the u2f protocol seems to have a way to handle this. It just needs to be exposed to the user. The content of the private keyfile in ssh is generated somehow. Where is that done?
2020 Jan 03
5
u2f seed
How does a u2f website then authenticate the same user, with the same keyfob, on a different machine? If that actually works, then we should be able to use the same mechanism. Maybe it doesn't, and some people are going to be locked out of their account when their machine fails and they have to go to another one. portability was one of the selling points of u2f though I thought. Maybe I'll
2020 Jan 02
2
u2f seed
That sounds like the application param is still used as part of the process though? Would allowing the user to specify the application work in the Solokey case?
What is stored in the private keyfile? The documentation says no private key is stored there. So is it just information used to reseed the public/private key?
Thanks,
Kevin
________________________________________
From: openssh-unix-dev
2000 Oct 30
1
SSH-askpass - timeout possible?
Hello,
On my home PC, whch runs openssh with Jim Knoble's x11-ssh-askpass, I have
configured my Bash shell login script to prompt me for the passphrase. No
problem, however it waits during the login process for me to 'do something'
- i.e. enter a passphrase, cancel it or whatever. Is it possible to set a
timeout so that if, say, nothing occurs within a minute then it assumes no
2014 Dec 24
2
[PATCH] U2F support in OpenSSH
Hey,
Judging from the (private) responses I?ve got, there is quite a bit of
interest in the U2F feature I proposed a while ago. Therefore, I?ve taken
some time to resolve the remaining issues, and I think the resulting patch
(attached to this email) is in quite a good state now.
I also posted the new version of the patch to
https://bugzilla.mindrot.org/show_bug.cgi?id=2319 (which I?ve opened
2020 Jan 03
2
u2f seed
On Fri, 3 Jan 2020, Stuart Henderson wrote:
> As said in James Bottomley's message and djm's reply, doing similar in
> ssh is not possible without significantly changing the protocol:
>
> https://lists.mindrot.org/pipermail/openssh-unix-dev/2020-January/038092.html
so how does Google change the protocol to support u2f?
not supporting authentication from multiple machines
2019 Nov 02
2
U2F support in OpenSSH HEAD
I've had a patch on the bugzilla for a while related to U2F with
support for a few additional settings such as providing a path to a
specific key to use instead of the first one found and setting if user
presence is required when using the key. Is there any objection to
folding those parts in if appropriate?
Joseph, to offer comment on NIST P-256. There was originally quite a
limited subset
2019 Nov 15
2
U2F support in OpenSSH HEAD
On Fri, 15 Nov 2019, Damien Miller wrote:
> On Fri, 1 Nov 2019, Damien Miller wrote:
>
> > Hi,
> >
> > As of this morning, OpenSSH now has experimental U2F/FIDO support, with
> > U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com"
> > or "ecdsa-sk" for short (the "sk" stands for "security key").
2015 Feb 26
2
[PATCH] U2F support in OpenSSH
On Thu, Feb 26, 2015 at 8:44 AM, Damien Miller <djm at mindrot.org> wrote:
> On Thu, 26 Feb 2015, Michael Stapelberg wrote:
>
> > At this point it should be obvious, but let me state that I don?t have
> > motivation/time to spend on this right now, given that upstream shows
> > 0 interest in this at all :(.
>
> That's not how I recall it. When you
2019 Dec 07
2
Another U2F documentation issue
Hello,
I forgot to mention one other issue in my previous e-mail about the ssh-agent documentation for U2F keys. Right now, https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.u2f <https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.u2f> has the following text:
> ssh-agent requires a protocol extension to support U2F keys. At
> present the
2014 Dec 14
2
[PATCH] Early request for comments: U2F authentication
> I?ve spent some time (together with Christian and Thomas) hacking on
> U2F support in OpenSSH, and I?m happy to provide a first patch ? it?s
> not complete, but it should be good enough to get the discussion going
> :). Please see the two attached files for the patch.
This is great - I'm looking forward to it! :)
I've implemented U2F into another (C-based) application these
2014 Nov 18
55
[Bug 2319] New: [PATCH REVIEW] U2F authentication
https://bugzilla.mindrot.org/show_bug.cgi?id=2319
Bug ID: 2319
Summary: [PATCH REVIEW] U2F authentication
Product: Portable OpenSSH
Version: 6.7p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: Miscellaneous
Assignee: unassigned-bugs at
2019 Dec 31
2
u2f seed
When using openssh with a u2f key, you generate a key via:
ssh-keygen -t ecdsa-sk
Each time you run it, it gives a different key pair. (Randomly seeming).
A differently generated key pair is not valid with the first's public key.
All good so far, but you run into a problem if:
You generate a keypair (A).
You register your public key for (A) on a bunch of ssh servers.
You take
2020 Jan 02
2
u2f seed
>From my understanding, somehow a website talking through the web browser is able to get the same keypair used no matter which computer the keyfob is plugged into. I'm wondering if we can use the same mechanism there. If application is part of the process, maybe allowing the application to be specified by the user rather then being randomly generated by openssh would be enough?
Thanks,