Nice. Where does the attestation data end up after "ssh-keygen -t ecdsa-sk"?
-
-
-
ATM nowhere, but it is plumbed back to ssh-keygen and do could be saved. Only problem is that we're out of getopt characters! Will need to reuse one...
- Još 4 druga odgovora
Novi razgovor -
-
-
I still desperately want an SSH standard for U2F passthrough to authenticate to sudo instead of having to use a central HOTP service
-
It might be possible via new ssh-agent requests, but I don't really want to encourage more people to forward their agents...
- Još 3 druga odgovora
Novi razgovor -
-
-
Nice. Though would it be somehow possible to "cache" to avoid tapping after every operation like when you use "ssh-add -t some_time"? I remember that having to enter passhprase after each use of PIV applet was pretty annoying.
-
Whether to require a tap per signature is an option that you can select a key generation time - it's not well documented yet, but you can use ssh-keygen -x 0 to disable it (though I haven't tested)
Kraj razgovora
Novi razgovor -
-
-
Awesome news, and setup sounds way better that pkcs11 key setup. Does this mean ecdsa-sk certificates are a thing now too?
-
They have been available since openssh-8.0 earlier this year
Kraj razgovora
Novi razgovor -
-
-
Has U2F become to SSL what FIDO2 is to TLS? In other words...is this actually U2F support or more general FIDO2 support that also supports U2F via backward compatibility?
-
It should support FIDO2 tokens in legacy mode. We're looking at utilising some of FIDO2's features (esp. resident keys) next
- Još 1 odgovor
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.