SoftU2F-Win VS openssh-sk-winhello

Compare SoftU2F-Win vs openssh-sk-winhello and see what are their differences.

SoftU2F-Win

Software U2F authenticator for Windows (by Watfaq)
Windows fido-u2f Cryptography u2f-authenticator Driver
Source Code
Suggest alternative
Edit details

openssh-sk-winhello

A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API (by tavrez)
u2f-keys fido Windows Openssh native-windows Fido2 security-key fido-u2f
Source Code
Suggest alternative
Edit details
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured
SoftU2F-Win openssh-sk-winhello
1 7
64 183
- -
3.3 0.0
4 months ago almost 2 years ago
C C
The Unlicense GNU Lesser General Public License v3.0 only
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

SoftU2F-Win

Posts with mentions or reviews of SoftU2F-Win. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-12-11.
  • On-device WebAuthn and what makes it hard to do well
    7 projects | news.ycombinator.com | 11 Dec 2022
    It's been a few years, but the main references I remember using:

    1. Windows: https://github.com/frankmorgner/vsmartcard/tree/master/virtu..., which is a fix-up of the older https://www.codeproject.com/Articles/134010/An-UMDF-Driver-f..., and https://github.com/Watfaq/SoftU2F-Win/tree/master/SoftU2FDri.... Note that neither of these actually implement CTAP2.

    2. Linux: There's plenty to refer to on HID gadgets, but https://blog.hansenpartnership.com/webauthn-in-linux-with-a-... and the code at https://git.kernel.org/pub/scm/linux/kernel/git/jejb/fido2-c... were my entrypoint.

    3. Mac: I ended up not implementing a Mac version, but GitHub themselves used to support a CTAP1/U2F software authenticator, now archived at https://github.com/github/SoftU2F. I was going to work from that.

    For the service I looked at different software "devices" interfacing with these kinds of drivers (or just the browser directly in Firefox's case).

    1. Generic NIST SP 800-73 PIV: https://github.com/CCob/PIVert. Very limited scope, pentest tool with no extraneous features. It uses the BixVReader driver.

openssh-sk-winhello

Posts with mentions or reviews of openssh-sk-winhello. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-08-26.
  • Use TouchID to Authenticate Sudo on macOS
    11 projects | news.ycombinator.com | 26 Aug 2022
    For Windows, it seems it's possible[0, see footnote], however there are problems like general incompatibilities [1], and official support status is " We have this in our backlog. At this point it's not prioritized.".

    0: https://github.com/tavrez/openssh-sk-winhello

    0.footnote: "Windows Hello also supports other types of authenticators like internal TPM device(if they support generating ECDSA or Ed25519 keys, they can be used instead of FIDO/U2F security keys)."

    1: https://github.com/tavrez/openssh-sk-winhello/issues

    2: https://github.com/PowerShell/Win32-OpenSSH/issues/1804#issu...

  • Hardening SSH
    2 projects | /r/programming | 5 Aug 2022
    Awesome article! Also found this tool (tavrez/OpenSsh-sk-winhello) for windows that lets you do this without admin access
  • [QUESTION] Is there a best way to manage multiple SSH on multiple Yubikeys?
    1 project | /r/yubikey | 1 Jun 2022
    Which is also how they are generated when retrieving them on a new computer via ssh-keygen -K since I used the application=ssh:yubikey_5 flag when first generating them. So something like ssh-keygen -t ed25519-sk -O resident -O application=ssh:yubikey_5c, but because I am on Windows I also had the -w winhello.dll flag (In case anyone stumbles on this question)
  • Using Yubikey FIDO with ssh-agent on macOS?
    1 project | /r/yubikey | 13 Apr 2022
    This is what i used but YMMV https://github.com/tavrez/openssh-sk-winhello/releases/tag/v2.0.0
  • Tell HN: GitHub no longer supporting unauthenticated `git://`
    10 projects | news.ycombinator.com | 11 Jan 2022
    > Because AFAIK, (Fido) yubikey support is still missing.

    Correct, hopefully Microsoft will provide an updated SSH client soon. It only requires recompiling OpenSSH with the correct flags.

    Alternatively, use these build instruction for openssh with FIDO for windows:

    https://gist.github.com/martelletto/6a7cf806c6433ac9ce71d66a...

    > Using either the PKCS#11 support or the gpg applet requires some extra piece of software

    For those wanting to do that, here are some ways:

    Using a premade dll:

    https://github-wiki-see.page/m/mooltipass/minible/wiki/Setti...

    Or with a middleware:

    https://github.com/mgbowen/windows-fido-bridge

    Using the Hello API:

    https://github.com/tavrez/openssh-sk-winhello

    Given how many people came with their own ways, I believe there's enough demand for Microsoft to fix that.

  • Unable to generate ssh sk keys on Windows 10
    1 project | /r/yubikey | 4 Jul 2021
  • How often should I rotate my SSH keys?
    8 projects | news.ycombinator.com | 25 Feb 2021
    My knowledge of WebAuthn is limited but their invocation of the relevant API seems like it should work for fingerprints also.

    [1] https://github.com/tavrez/openssh-sk-winhello

What are some alternatives?

When comparing SoftU2F-Win and openssh-sk-winhello you can also consider the following projects:

virtual-fido - A Virtual FIDO2 USB Device

libfido2 - Provides library functionality for FIDO2, including communication with a device over USB or NFC.

SoftU2F - Software U2F authenticator for macOS

windows-fido-bridge - An OpenSSH SK middleware that allows you to use a FIDO/U2F security key (e.g. a YubiKey) to SSH into a remote server from WSL or Cygwin.

tpm-fido - A WebAuthn/U2F token protected by a TPM (Go/Linux)

wsl2-ssh-pageant - bridge between windows pageant and wsl2

softfido - A software FIDO2/U2F authenticator

secretive - Store SSH keys in the Secure Enclave

vsmartcard - umbrella project for emulation of smart card readers or smart cards

sekey - Use Touch ID / Secure Enclave for SSH Authentication!

Win32-OpenSSH - Win32 port of OpenSSH

bless - Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function

SoftU2F-Win vs virtual-fido openssh-sk-winhello vs libfido2 SoftU2F-Win vs SoftU2F openssh-sk-winhello vs windows-fido-bridge SoftU2F-Win vs tpm-fido openssh-sk-winhello vs wsl2-ssh-pageant SoftU2F-Win vs softfido openssh-sk-winhello vs secretive SoftU2F-Win vs vsmartcard openssh-sk-winhello vs sekey openssh-sk-winhello vs Win32-OpenSSH openssh-sk-winhello vs bless
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
SaaSHub - Software Alternatives and Reviews
SaaSHub helps you find the best software and product alternatives
www.saashub.com
featured