libfido2
openssh-sk-winhello
libfido2 | openssh-sk-winhello | |
---|---|---|
6 | 7 | |
549 | 183 | |
2.2% | - | |
8.6 | 0.0 | |
11 days ago | almost 2 years ago | |
C | C | |
GNU General Public License v3.0 or later | GNU Lesser General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libfido2
-
Yubikey for GPG on Void Linux
udev? yeah you should check that. https://github.com/Yubico/libfido2/blob/main/udev/70-u2f.rules Reload the udev rules after you change them if you do change them, and unplug the device, wait 15 seconds, plug it in again.
-
Measure to increase security of portfolio accounts
It's not extremely difficult at all to implement these! Heck, even at Google we use LibFido2 which is a free-to-use library (you can find it here if you want: https://github.com/Yubico/libfido2). Of course Google's version is a bit different and the creator of LibFido2 now works here, but all of these 2FA methods aren't particularly difficult to implement in the sense that most of the work (libraries, standards, exact specifications) is already done.
-
Good to see rubygems.org introduce hardware security token & Passkey support
It could be possible yes. Libraries like https://github.com/Yubico/libfido2 already abstract away external keys (via CTAP) and the Windows WebAuthn API, which allows you to use Windows Hello for signing in using eg a Logitech Brio webcam.
-
All You Need to Know FIDO2 & Passwordless Authentication
https://fidoalliance.org https://loginwithfido.com https://w3.org/TR/webauthn-2/ https://fidoalliance.org/specs/fido-v2.1-ps-20210615/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html https://github.com/yubico/Python-Fido2 https://github.com/yubico/libfido2
-
how are you dealing with "passkeys" rollout?
They suggest using this libfido2 library to connect with the hardware devices. I don't really know much about OSS licenses and which are the most "free" so you'll have to decide that for yourself.
- Bundled version of OpenSSH with macOS Monterey doesn't support FIDO2 yubikeys
openssh-sk-winhello
-
Use TouchID to Authenticate Sudo on macOS
For Windows, it seems it's possible[0, see footnote], however there are problems like general incompatibilities [1], and official support status is " We have this in our backlog. At this point it's not prioritized.".
0: https://github.com/tavrez/openssh-sk-winhello
0.footnote: "Windows Hello also supports other types of authenticators like internal TPM device(if they support generating ECDSA or Ed25519 keys, they can be used instead of FIDO/U2F security keys)."
1: https://github.com/tavrez/openssh-sk-winhello/issues
2: https://github.com/PowerShell/Win32-OpenSSH/issues/1804#issu...
-
Hardening SSH
Awesome article! Also found this tool (tavrez/OpenSsh-sk-winhello) for windows that lets you do this without admin access
-
[QUESTION] Is there a best way to manage multiple SSH on multiple Yubikeys?
Which is also how they are generated when retrieving them on a new computer via ssh-keygen -K since I used the application=ssh:yubikey_5 flag when first generating them. So something like ssh-keygen -t ed25519-sk -O resident -O application=ssh:yubikey_5c, but because I am on Windows I also had the -w winhello.dll flag (In case anyone stumbles on this question)
-
Using Yubikey FIDO with ssh-agent on macOS?
This is what i used but YMMV https://github.com/tavrez/openssh-sk-winhello/releases/tag/v2.0.0
-
Tell HN: GitHub no longer supporting unauthenticated `git://`
> Because AFAIK, (Fido) yubikey support is still missing.
Correct, hopefully Microsoft will provide an updated SSH client soon. It only requires recompiling OpenSSH with the correct flags.
Alternatively, use these build instruction for openssh with FIDO for windows:
https://gist.github.com/martelletto/6a7cf806c6433ac9ce71d66a...
> Using either the PKCS#11 support or the gpg applet requires some extra piece of software
For those wanting to do that, here are some ways:
Using a premade dll:
https://github-wiki-see.page/m/mooltipass/minible/wiki/Setti...
Or with a middleware:
https://github.com/mgbowen/windows-fido-bridge
Using the Hello API:
https://github.com/tavrez/openssh-sk-winhello
Given how many people came with their own ways, I believe there's enough demand for Microsoft to fix that.
- Unable to generate ssh sk keys on Windows 10
-
How often should I rotate my SSH keys?
My knowledge of WebAuthn is limited but their invocation of the relevant API seems like it should work for fingerprints also.
[1] https://github.com/tavrez/openssh-sk-winhello
What are some alternatives?
python-fido2 - Provides library functionality for FIDO 2.0, including communication with a device over USB.
windows-fido-bridge - An OpenSSH SK middleware that allows you to use a FIDO/U2F security key (e.g. a YubiKey) to SSH into a remote server from WSL or Cygwin.
fido2-net-lib - FIDO2 .NET library for FIDO2 / WebAuthn Attestation and Assertion using .NET
wsl2-ssh-pageant - bridge between windows pageant and wsl2
mkinitcpio-ykfde - Full disk encryption with Yubikey (Yubico key)
secretive - Store SSH keys in the Secure Enclave
OpenSK - OpenSK is an open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
sekey - Use Touch ID / Secure Enclave for SSH Authentication!
glewlwyd - Experimental Single Sign On server, OAuth2, Openid Connect, multiple factor authentication with, HOTP/TOTP, FIDO2, TLS Certificates, etc. extensible via plugins
Win32-OpenSSH - Win32 port of OpenSSH
bless - Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
authorized_keys - Scripts to manage many-to-many SSH access