Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for ed25519-sk SSH keys #8442

Open
manveru opened this issue May 2, 2024 · 0 comments
Open

Support for ed25519-sk SSH keys #8442

manveru opened this issue May 2, 2024 · 0 comments
Assignees
@u3s
Labels
enhancement team:PS Assigned to OTP team PS

Comments

@manveru
Copy link

manveru commented May 2, 2024

Is your feature request related to a problem? Please describe.

Currently the only key type for ed25519 that's supported for SSH is ssh-ed25519, which makes it impossible to use FIDO2 keys (like a Yubikey) to authenticate with the SSH server module.

Describe the solution you'd like

Please add support for the sk-ssh-ed25519@openssh.com key type.

Describe alternatives you've considered

For now I'll have to request my users to use other key types, but given the rising popularity of hardware keys this is not a very good option.

Additional context

The key type has been implemented in OpenSSH for over 4 years, current implementation is at https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/ssh-ed25519-sk.c?rev=1.15&content-type=text/x-cvsweb-markup&only_with_tag=MAIN
@u3s u3s added the team:PS Assigned to OTP team PS label May 2, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@u3s u3s

Labels
enhancement team:PS Assigned to OTP team PS
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@manveru @u3s