twisted
Add support for FIDO2 pubkey auth for SSH server
This is to implement the userauth server-side of https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f
The security key (sk-) implementation is, for now, OpenSSH-specific only.
The GitHub.com server (SSH-2.0-babeld-70f1bac9 but maybe OpenSSH in the backend) also supports it.
For the scope of this ticket, my plan is to have support only for:
This means:
- Load public blob
- Validate signature
Certificates are out of scope. WebAuthn is out of scope.
In the past, getting a YubiKey to work with SSH was a pain via PGP or SmartCard.
With this, OpenSSH has direct access to the FIDO2 keys.
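
The two steps listed in the ticket (load public blob, validate signature), sketched for `sk-ssh-ed25519@openssh.com` as an added example; this is not Twisted's code or code from the ticket. The function names are hypothetical, the wire layout follows PROTOCOL.u2f, and the final Ed25519 check over the returned bytes is left to a crypto library.

```python
import hashlib
import struct

SK_ED25519 = b"sk-ssh-ed25519@openssh.com"
FLAG_USER_PRESENT = 0x01  # authenticator flag bit: the user touched the key


def _get_string(buf, off):
    """Read one SSH 'string' (uint32 length + bytes); return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string")
    return buf[off:off + n], off + n


def load_sk_ed25519_blob(blob):
    """Parse the public blob: string type, string pubkey, string application."""
    ktype, off = _get_string(blob, 0)
    if ktype != SK_ED25519:
        raise ValueError("unsupported key type")
    pubkey, off = _get_string(blob, off)
    application, off = _get_string(blob, off)
    if len(pubkey) != 32 or off != len(blob):
        raise ValueError("malformed sk-ssh-ed25519 blob")
    return pubkey, application


def signed_data(sig_blob, application, message, require_touch=True):
    """Parse the signature blob (string type, string sig, byte flags,
    uint32 counter) and rebuild the bytes the authenticator signed."""
    stype, off = _get_string(sig_blob, 0)
    if stype != SK_ED25519:
        raise ValueError("signature type mismatch")
    raw_sig, off = _get_string(sig_blob, off)
    if len(raw_sig) != 64 or len(sig_blob) - off != 5:
        raise ValueError("malformed sk signature")
    flags, counter = struct.unpack_from(">BI", sig_blob, off)
    if require_touch and not flags & FLAG_USER_PRESENT:
        raise ValueError("user presence flag not set")
    # The key signs SHA256(application) || flags || counter || SHA256(message),
    # not the SSH userauth message itself.
    data = (hashlib.sha256(application).digest()
            + struct.pack(">BI", flags, counter)
            + hashlib.sha256(message).digest())
    return raw_sig, data  # verify raw_sig over data with the 32-byte pubkey
```

Here `message` is the usual publickey userauth signature payload (session identifier followed by the request fields), and `application` is the value loaded from the stored public key, not one supplied by the client.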