|
|
|
|
|
|
by knorker
2178 days ago
|
|
|
Not only that, but there's billions of devices out there that don't support it. I can SSH to my AP, my home router, all routers at basically any ISP. None of those support this. Most of them probably never will, until they're thrown away and new ones bought in 5-10 years. Bottom line: This can't be your only key. So why bother? Why not use PIV mode/smartcard/other, which does work with every single one of these billions of devices, because they have no server-side requirements like these. |
|
|
Another tradeoff. Some users may be using a cheap or old token (without PIV support) or a token with a private key slot already used for something else. Now, with a software-only upgrade (on both SSH client and server), they can user their existing token for SSH authentication.