mirror of
git://anongit.mindrot.org/openssh.git
synced 2024-12-22 10:00:14 +00:00
upstream: SSH U2F keys can now be used as host keys. Fix a garden
path sentence. ok markus@ OpenBSD-Commit-ID: 67d7971ca1a020acd6c151426c54bd29d784bd6b
This commit is contained in:
naddy@openbsd.org
Damien Miller
parent
68010acbcf
commit
416f15372b
@ -37,7 +37,7 @@ hardware, thus requiring little on-device storage for an effectively
|
||||
unlimited number of supported keys. This drives the requirement that
|
||||
the key handle be supplied for each signature operation. U2F tokens
|
||||
primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
|
||||
standard specified additional key types include one based on Ed25519.
|
||||
standard specifies additional key types, including one based on Ed25519.
|
||||
|
||||
SSH U2F Key formats
|
||||
-------------------
|
||||
@ -49,10 +49,6 @@ OpenSSH integrates U2F as new key and corresponding certificate types:
|
||||
sk-ssh-ed25519@openssh.com
|
||||
sk-ssh-ed25519-cert-v01@openssh.com
|
||||
|
||||
These key types are supported only for user authentication with the
|
||||
"publickey" method. They are not used for host-based user authentication
|
||||
or server host key authentication.
|
||||
|
||||
While each uses ecdsa-sha256-nistp256 as the underlying signature primitive,
|
||||
keys require extra information in the public and private keys, and in
|
||||
the signature object itself. As such they cannot be made compatible with
|
||||
|
||||
Loading…
Reference in New Issue
Block a user