On Fri, 2020-05-15 at 09:22 -0700, [email protected] wrote:
> Hi,
> OpenSSH 8.2 (https://www.openssh.com/txt/release-8.2) supports
> "ecdsa-sk" and "ed25519-sk" key types to support U2F/FIDO security
> keys and I was wondering if libssh could support them, too?
> For supporting them server-side, I think you'd just need to implement
> the additional key types
>
> [email protected]
> [email protected]
> [email protected]
> [email protected]
>
> …and parse their signature a bit differently from the normal ecdsa
> and ed25519 signatures. E.g. they include an additional "counter" and
> "user present" value.
>
> Details on the format are here:
> https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f
>
> Let me know what you think.

The server side support is already in:

https://bugs.libssh.org/rLIBSSH17b518a677c92d943cf016b81272ec10ee1ca368

Regards,
-- 
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
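
The "counter" and "user present" values mentioned in the quoted message, shown as an added example that is not part of the original thread and is not libssh's code. It assumes the ed25519-sk signature layout from PROTOCOL.u2f (string key type, string signature, byte flags, uint32 counter); `struct sk_sig`, `sk_sig_parse` and `sk_sig_user_present` are hypothetical names.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define SK_FLAG_USER_PRESENT 0x01   /* FIDO "user presence" (touch) bit */

struct sk_sig {                     /* hypothetical struct, not libssh's */
    const uint8_t *type; uint32_t type_len;  /* key type name */
    const uint8_t *sig;  uint32_t sig_len;   /* raw Ed25519 signature */
    uint8_t  flags;                          /* authenticator flags */
    uint32_t counter;                        /* authenticator signature counter */
};

/* Read an SSH "string" (uint32 big-endian length + bytes), bounds-checked. */
static int get_string(const uint8_t **p, size_t *left,
                      const uint8_t **out, uint32_t *out_len)
{
    uint32_t n;
    if (*left < 4) return -1;
    n = ((uint32_t)(*p)[0] << 24) | ((uint32_t)(*p)[1] << 16) |
        ((uint32_t)(*p)[2] << 8) | (*p)[3];
    *p += 4; *left -= 4;
    if (n > *left) return -1;       /* declared length exceeds the buffer */
    *out = *p; *out_len = n;
    *p += n; *left -= n;
    return 0;
}

/* Returns 0 on success, -1 on malformed input (truncated or trailing bytes). */
int sk_sig_parse(const uint8_t *blob, size_t len, struct sk_sig *s)
{
    const uint8_t *p = blob;
    size_t left = len;
    if (get_string(&p, &left, &s->type, &s->type_len) != 0) return -1;
    if (get_string(&p, &left, &s->sig, &s->sig_len) != 0) return -1;
    if (s->sig_len != 64) return -1;    /* Ed25519 signatures are 64 bytes */
    if (left != 5) return -1;           /* exactly flags + counter must remain */
    s->flags = p[0];
    s->counter = ((uint32_t)p[1] << 24) | ((uint32_t)p[2] << 16) |
                 ((uint32_t)p[3] << 8) | p[4];
    return 0;
}

/* Policy check a server can apply after parsing: require the touch bit. */
int sk_sig_user_present(const struct sk_sig *s)
{
    return (s->flags & SK_FLAG_USER_PRESENT) != 0;
}
```

The flags and counter are part of the data the authenticator signs, so a verifier has to feed the parsed values into signature verification rather than only inspecting them.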
