by webstrand 181 days ago
I just use -sk variants with a FIDO authenticator. Being able to port the keys to another trusted machine (i.e. replacing a computer) if I need to is nice. And it's as secure as a secure enclave.

I do prefer to use a unique key for every (local, remote) pair though. It makes revocation more straightforward.


My main blocker on using `-sk` keys is the fact that I can't get them to work on WSL on Windows.
Oh, if I recall, WSL is an Ubuntu VM running on top of Windows, so you'd need to configure USB forwarding for your security key.

Or run ssh-agent on the Windows side and forward it into the VM?