by jcalvinowens
58 days ago
This could make real sense for ssh host keys, since they need to be used without presence and they're generally tied to the lifetime of the machine anyway. I saw a write-up where someone successfully got sshd to use a host key from a FIDO2 YubiKey without touch, but I can't find it...

As far as "TPM vs HSM", it is soooo much simpler to make a key pair with a FIDO2 hardware key:

  ssh-keygen -t ed25519-sk -O resident -O verify-required -C "your_email@example.com"

You can get them for <$30.