[an6n]

I was hoping for U2F but I guess it's not ready yet. :)

[feld]

Chrome has access to USB and its own code to handle U2F devices. This would require your SSH client to have the same capabilities.

This might work well on Linux/BSD machines, but likely not on OSX due to stagnant unix utility updates and Windows because... well, not a real Unix. Would probably require a heavy wrapper around Putty. Not sure if cygwin and friends would ever work either.

[aroch]

OSX supports PAM auth, U2F is just another kind of PAM. That's how I use my Yubikey.

[feld]

I was thinking that server side it was a PAM module, but client side it was not... for some bizarre reason.

So yeah, I suppose if your platform supports PAM this is feasible.

[forgottenpass]

Wouldn't that be more in the scope of PAM than an SSHd?

Edit: https://github.com/Yubico/pam-u2f

[secure]

Track https://bugzilla.mindrot.org/show_bug.cgi?id=2319

I worked on this for a while, but lost motivation because of the slow development speed. If you’re more motivated, you’re very welcome to pick up where I left and bring this to thousends of users :).