by tialaramex 2662 days ago
(Editing to point out that this is an elaboration, not a correction, i.e. here is why this doesn't work)

The things a FIDO token / Security Key knows how to do are not really sufficient to authenticate with SSH public key Auth mode.

Specifically FIDO tokens know how to magically create a new public key and a cookie and promise they can subsequently sign specific messages that prove they know the private key if given back the cookie.

This is a very narrow feature set, deliberately to support the U2F / WebAuthn process only.

Someone could add a completely new SSH Auth method that works with this, but the existing SSH public key method requires that you start by claiming "Hey, I know this key, can that work?". Whereas a FIDO token may not (and yours doesn't) even be able to tell anyone which keys it "knows" (because in fact it doesn't really know them at all; they are effectively encrypted inside the cookies it relies on, and only it knows how to decrypt those!).

1 comment

Thanks, that was useful
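As an added illustration of the parent comment's point (a toy model written for this page, not tialaramex's code and not any real FIDO or OpenSSH implementation): a token that holds only one master secret, derives a fresh private key per registration, and hands back a public key plus a "cookie" (key handle). It can sign only when given the handle back, and it has no list of keys to offer, so the first step of SSH's existing publickey method ("I know key X") has to come from somewhere else; the client-side store in `ssh_publickey_auth` is this model's assumption, not part of either protocol. The Schnorr group parameters `P`, `Q`, `G` and the `APP_ID` value are constructed toy values (real tokens use ECDSA on P-256 and vendor-specific handle wrapping).

```python
"""Toy model of why a FIDO/U2F-style token cannot start SSH publickey auth.

Constructed illustration: a token that holds ONE master secret and no per-site
keys. Each registration returns (public key, key handle); the handle is the
"cookie" from the comment: the private key is re-derived from it, never stored.
"""
import hashlib
import hmac
import secrets

# Toy Schnorr group (constructed for illustration only; real tokens use ECDSA on P-256).
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup generated by G
G = 4      # 4 = 2^2 is a quadratic residue, so it generates the order-Q subgroup

APP_ID = b"ssh://example.invalid"   # placeholder relying-party id (like U2F's appId)


def _hash_to_q(*parts: bytes) -> int:
    """Schnorr challenge hash: SHA-256 over the parts, reduced into Z_Q."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big") % Q


class Token:
    """Everything this token 'knows' about a key is recomputed from the handle."""

    def __init__(self) -> None:
        self._master = secrets.token_bytes(32)   # the only persistent secret

    def _priv_from(self, app_id: bytes, nonce: bytes) -> int:
        # Private key is a PRF of master secret, app id and a per-registration nonce.
        d = hmac.new(self._master, b"priv" + app_id + nonce, "sha256").digest()
        return int.from_bytes(d, "big") % Q or 1

    def _handle_tag(self, app_id: bytes, nonce: bytes) -> bytes:
        # MAC binds the nonce to this token and app id, so foreign handles are rejected.
        return hmac.new(self._master, b"handle" + app_id + nonce, "sha256").digest()[:16]

    def register(self, app_id: bytes) -> tuple[int, bytes]:
        """Create a fresh key pair; return (public key, key handle). Nothing is stored."""
        nonce = secrets.token_bytes(16)
        pub = pow(G, self._priv_from(app_id, nonce), P)
        return pub, nonce + self._handle_tag(app_id, nonce)

    def list_keys(self) -> list:
        """The comment's point: the token has no inventory of keys to report."""
        return []

    def sign(self, app_id: bytes, handle: bytes, challenge: bytes) -> tuple[int, int]:
        """Given back a handle it issued, re-derive the key and sign the challenge."""
        nonce, tag = handle[:16], handle[16:]
        if not hmac.compare_digest(tag, self._handle_tag(app_id, nonce)):
            raise ValueError("handle was not issued by this token for this app id")
        priv = self._priv_from(app_id, nonce)
        k = secrets.randbelow(Q - 1) + 1                     # per-signature nonce
        r = pow(G, k, P)
        e = _hash_to_q(r.to_bytes(2, "big"), app_id, challenge)
        s = (k - priv * e) % Q
        return e, s


def verify(pub: int, app_id: bytes, challenge: bytes, sig: tuple[int, int]) -> bool:
    """Schnorr verification: recompute r = G^s * pub^e and check the challenge hash."""
    e, s = sig
    r = (pow(G, s, P) * pow(pub, e, P)) % P
    return _hash_to_q(r.to_bytes(2, "big"), app_id, challenge) == e


def ssh_publickey_auth(token: Token, client_store: list, authorized_keys: set,
                       session_id: bytes):
    """Simplified model of SSH's existing 'publickey' method (RFC 4252, section 7).

    Step 1 is the client claiming "I know key X". The token cannot supply that
    claim (list_keys() is empty), so the CLIENT must keep (pub, handle) pairs
    itself; that client-side store is an assumption of this model, not part of
    FIDO or of SSH. Real SSH signs over the session id plus the request fields.
    """
    candidates = token.list_keys() or client_store
    for pub, handle in candidates:
        if pub not in authorized_keys:                 # server would reject the claim
            continue
        sig = token.sign(APP_ID, handle, session_id)   # step 2: prove possession
        if verify(pub, APP_ID, session_id, sig):
            return pub
    return None


if __name__ == "__main__":
    tok = Token()
    pub, handle = tok.register(APP_ID)
    print("token reports keys:", tok.list_keys())
    print("auth without a client store:", ssh_publickey_auth(tok, [], {pub}, b"sid"))
    print("auth with a client store:", ssh_publickey_auth(tok, [(pub, handle)], {pub}, b"sid"))
```

Running it shows the two halves of the comment: `list_keys()` is empty, so with nothing but the token the client has no key to claim and authentication never starts; once something outside the token remembers the `(pub, handle)` pair, the token signs on demand, and a handle presented to a different token, or under a different app id, is rejected because its MAC does not verify.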