openssh-sk-winhello
authorized_keys
openssh-sk-winhello | authorized_keys | |
---|---|---|
7 | 1 | |
181 | 1 | |
- | - | |
0.0 | 0.0 | |
over 1 year ago | almost 2 years ago | |
C | Shell | |
GNU Lesser General Public License v3.0 only | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openssh-sk-winhello
-
Use TouchID to Authenticate Sudo on macOS
For Windows, it seems it's possible[0, see footnote], however there are problems like general incompatibilities [1], and official support status is " We have this in our backlog. At this point it's not prioritized.".
0: https://github.com/tavrez/openssh-sk-winhello
0.footnote: "Windows Hello also supports other types of authenticators like internal TPM device(if they support generating ECDSA or Ed25519 keys, they can be used instead of FIDO/U2F security keys)."
1: https://github.com/tavrez/openssh-sk-winhello/issues
2: https://github.com/PowerShell/Win32-OpenSSH/issues/1804#issu...
-
Hardening SSH
Awesome article! Also found this tool (tavrez/OpenSsh-sk-winhello) for windows that lets you do this without admin access
-
[QUESTION] Is there a best way to manage multiple SSH on multiple Yubikeys?
Which is also how they are generated when retrieving them on a new computer via ssh-keygen -K since I used the application=ssh:yubikey_5 flag when first generating them. So something like ssh-keygen -t ed25519-sk -O resident -O application=ssh:yubikey_5c, but because I am on Windows I also had the -w winhello.dll flag (In case anyone stumbles on this question)
-
Using Yubikey FIDO with ssh-agent on macOS?
This is what i used but YMMV https://github.com/tavrez/openssh-sk-winhello/releases/tag/v2.0.0
-
Tell HN: GitHub no longer supporting unauthenticated `git://`
> Because AFAIK, (Fido) yubikey support is still missing.
Correct, hopefully Microsoft will provide an updated SSH client soon. It only requires recompiling OpenSSH with the correct flags.
Alternatively, use these build instruction for openssh with FIDO for windows:
https://gist.github.com/martelletto/6a7cf806c6433ac9ce71d66a...
> Using either the PKCS#11 support or the gpg applet requires some extra piece of software
For those wanting to do that, here are some ways:
Using a premade dll:
https://github-wiki-see.page/m/mooltipass/minible/wiki/Setti...
Or with a middleware:
https://github.com/mgbowen/windows-fido-bridge
Using the Hello API:
https://github.com/tavrez/openssh-sk-winhello
Given how many people came with their own ways, I believe there's enough demand for Microsoft to fix that.
- Unable to generate ssh sk keys on Windows 10
-
How often should I rotate my SSH keys?
My knowledge of WebAuthn is limited but their invocation of the relevant API seems like it should work for fingerprints also.
[1] https://github.com/tavrez/openssh-sk-winhello
authorized_keys
-
How often should I rotate my SSH keys?
Definitely not appropriate for protecting Real Infrastructure, but for my handful of personal machines I put my authorized keys in a Google Doc and configure hosts to download it using `AuthorizedKeysCommand`.
I have a hardware-backed "doomsday key" to use if the Google Doc stops working.
Writeup and script at https://github.com/mmdriley/authorized_keys
What are some alternatives?
libfido2 - Provides library functionality for FIDO2, including communication with a device over USB or NFC.
secretive - Store SSH keys in the Secure Enclave
windows-fido-bridge - An OpenSSH SK middleware that allows you to use a FIDO/U2F security key (e.g. a YubiKey) to SSH into a remote server from WSL or Cygwin.
bless - Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
wsl2-ssh-pageant - bridge between windows pageant and wsl2
thoughts - Just my public thoughts, think of it like a blog I never update
sekey - Use Touch ID / Secure Enclave for SSH Authentication!
Win32-OpenSSH - Win32 port of OpenSSH
u2f-token - u2f token firmware for stm32f103 and efm32hg boards
git-credential-manager - Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.