Displaying 20 results from an estimated 8000 matches similar to: "Automatic FIDO2 key negotiation (request for comments)"
2020 Jul 26
2
Automatic FIDO2 key negotiation (request for comments)
On Tue, 2020-07-21 at 14:47 +1000, Damien Miller wrote:
> On Mon, 20 Jul 2020, Jordan J wrote:
[...]
> > Firstly, would the following or some combination thereof be
> > possible or is there an obvious impediment. Secondly, if it proved
> > possible are the maintainers open to a patch providing it?
> >
> > 1. Update the SSH ecdsa-sk public key type to contain the
2019 Dec 07
2
Agent protocol changes related to U2F/FIDO2 keys
I spent some time today implementing support for loading U2F keys into the SSH agent from my AsyncSSH library. I got it working, but along the way I ran into a few issues I wanted to report:
First, it looks like the value of SSH_AGENT_CONSTRAIN_EXTENSION has changed from the value 3 defined at https://tools.ietf.org/html/draft-miller-ssh-agent-02
2020 Sep 04
3
Incomplete attestation data for FIDO2 SKs?
I was recently looking at verifying the attestation data
(ssh-sk-attest-v00) for a SK key, but I believe the data saved in this
structure is insufficient for completing verification of the attestation.
While the structure has enough information for U2F devices, FIDO2 devices
sign their attestation over a richer "authData" blob [1] (concatenated with
the challenge hash). The authData blob
2024 Oct 29
5
[Bug 3748] New: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature type not supported from ssh agent
https://bugzilla.mindrot.org/show_bug.cgi?id=3748
Bug ID: 3748
Summary: "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"
signature type not supported from ssh agent
Product: Portable OpenSSH
Version: 9.7p1
Hardware: 68k
OS: Mac OS X
Status: NEW
Severity: enhancement
2019 Dec 03
2
U2F support in OpenSSH HEAD
Hi Damien,
On Nov 14, 2019, at 3:26 PM, Damien Miller <djm at mindrot.org> wrote:
> On Fri, 1 Nov 2019, Damien Miller wrote:
>> As of this morning, OpenSSH now has experimental U2F/FIDO support, with
>> U2F being added as a new key type "sk-ecdsa-sha2-nistp256@openssh.com"
>> or "ecdsa-sk" for short (the "sk" stands for "security
2019 Dec 07
2
Another U2F documentation issue
Hello,
I forgot to mention one other issue in my previous e-mail about the ssh-agent documentation for U2F keys. Right now, https://raw.githubusercontent.com/openssh/openssh-portable/master/PROTOCOL.u2f has the following text:
> ssh-agent requires a protocol extension to support U2F keys. At
> present the
2020 Mar 05
3
Fwd: sk-api suggestions
Hello,
I'm helping the Git for windows team and contributing in git-for-windows
repository to help expand the OpenSSH support for fido2 devices on Windows.
Currently we are using your internal implementation (sk-usbhic.c) however
since Windows 10 version 1903 this requires administrator privileges.
I'm trying to create a module for OpenSSH to use webauthn.dll instead of
direct calling to
2020 Feb 22
0
LDAP Account Manager 7.1.RC1 with Webauthn/FIDO2 and AD LDS support
Announcement:
-------------
The 2-factor authentication was extended with Webauthn/FIDO2. You can
manage AD LDS users and groups (LAM Pro).
This is a test release. Please report any issues till 2020-03-06.
Full changelog:
https://www.ldap-account-manager.org/lamcms/changelog
Download:
https://www.ldap-account-manager.org/lamcms/releases
Features:
---------
* management of various account
2020 Mar 17
0
LDAP Account Manager 7.1 with Webauthn/FIDO2 and AD LDS support
Announcement:
-------------
The 2-factor authentication was extended with Webauthn/FIDO2. You can
manage AD LDS users and groups (LAM Pro).
Full changelog:
https://www.ldap-account-manager.org/lamcms/changelog
Download:
https://www.ldap-account-manager.org/lamcms/releases
Features:
---------
* management of various account types
* Unix
* Samba 4/Active Directory
* Asterisk
* Kopano
*
2019 Nov 01
10
U2F support in OpenSSH HEAD
Hi,
As of this morning, OpenSSH now has experimental U2F/FIDO support, with
U2F being added as a new key type "sk-ecdsa-sha2-nistp256@openssh.com"
or "ecdsa-sk" for short (the "sk" stands for "security key").
If you're not familiar with U2F, this is an open standard for making
inexpensive hardware security tokens. These are easily the cheapest way
2024 Oct 21
2
Security of ssh across a LAN, public key versus password
Stuart Henderson wrote:
>> This is why I push for challenge/response tokens, not simply
>> cert authentication, and really wish that FIDO (such as yubikey)
>> was an option, but the discussions I've seen about supporting
>> that have not been encouraging.
>
> hmm? That works pretty well in OpenSSH.
hmm, what I'm finding doesn't seem to use the FIDO
2020 Sep 20
13
Call for testing: OpenSSH 8.4
Hi,
OpenSSH 8.4p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2024 Dec 21
2
[PATCH 0/2] Fix Memory Management Issue in `ssh-sk-helper` with External SK Libraries
Hi,
Sometimes, users might find that the `ssh-sk-helper` crashes after
enrolling a new key when using external SK libraries.
Currently, the memory returned by SK APIs is freed by the host, but
external libraries may have their own methods of handling memory. For
instance some external libraries are linked against a foreign libc
statically. As a result, the `ssh-sk-helper` would have issues if
2020 Feb 06
2
Building libsk-libfido2.so?
I updated to the latest versions of libfido2 and openssh-portable tonight, with an intention to test out the security key functionality and look closely at the changes over the last couple of months to see if I need to change anything in my AsyncSSH implementation to stay in sync. However, it seems that libfido2 no longer provides the "libsk-libfido2.so" library that it used to. That was something
2019 Dec 31
2
u2f seed
When using openssh with a u2f key, you generate a key via:
ssh-keygen -t ecdsa-sk
Each time you run it, it gives a different key pair. (Randomly seeming).
A differently generated key pair is not valid with the first's public key.
All good so far, but you run into a problem if:
You generate a keypair (A).
You register your public key for (A) on a bunch of ssh servers.
You take
2014 Dec 14
2
[PATCH] Early request for comments: U2F authentication
> I've spent some time (together with Christian and Thomas) hacking on
> U2F support in OpenSSH, and I'm happy to provide a first patch - it's
> not complete, but it should be good enough to get the discussion going
> :). Please see the two attached files for the patch.
This is great - I'm looking forward to it! :)
I've implemented U2F into another (C-based) application these
2019 Nov 15
2
U2F support in OpenSSH HEAD
On Fri, 15 Nov 2019, Damien Miller wrote:
> On Fri, 1 Nov 2019, Damien Miller wrote:
>
> > Hi,
> >
> > As of this morning, OpenSSH now has experimental U2F/FIDO support, with
> > U2F being added as a new key type "sk-ecdsa-sha2-nistp256@openssh.com"
> > or "ecdsa-sk" for short (the "sk" stands for "security key").
2014 Jan 10
4
[PATCH] Add a minimal hive with "special" keys and values
---
images/README | 15 +++++++++++++++
images/mkzero/Makefile | 7 +++++++
images/mkzero/mkzero.c | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
images/special | Bin 0 -> 8192 bytes
4 files changed, 70 insertions(+)
create mode 100644 images/mkzero/Makefile
create mode 100644 images/mkzero/mkzero.c
create mode 100644 images/special
diff --git a/images/README
2014 Jan 10
14
[PATCH 1/7] Add a minimal hive with "special" keys and values
---
images/README | 14 ++++++++++++
images/mkzero/Makefile | 9 ++++++++
images/mkzero/mkzero.c | 59 +++++++++++++++++++++++++++++++++++++++++++++++++
images/special | Bin 0 -> 8192 bytes
4 files changed, 82 insertions(+)
create mode 100644 images/mkzero/Makefile
create mode 100644 images/mkzero/mkzero.c
create mode 100644 images/special
diff --git a/images/README
2019 Nov 15
2
U2F support in OpenSSH HEAD
On 2019-11-14, Damien Miller <djm at mindrot.org> wrote:
> Please give this a try - security key support is a substantial change and
> it really needs testing ahead of the next release.
Hi Damien,
Thanks for working on security key support, this is a really nice
feature to have in openssh.
My non-FIDO2 security key (YubiKey NEO) doesn't work with the latest
changes to openssh