<?xml version="1.0"?>
<?xml-stylesheet type="text/xsl" href="/rss.xsl.xml"?>
<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/">
<channel>
    <title>Changes in Makefile</title>
    <description></description>
    <language>en</language>
    <copyright>Copyright 2015</copyright>
    <generator>Java</generator><item>
        <title>e9a99463 - ssh: enable FIDO/U2F keys</title>
        <link>http://172.16.0.5:8080/history/freebsd-14.2/secure/libexec/ssh-sk-helper/Makefile#e9a99463</link>
        <description>ssh: enable FIDO/U2F keysDescription of FIDO/U2F support (from OpenSSH 8.2 release notes,https://www.openssh.com/txt/release-8.2):  This release adds support for FIDO/U2F hardware authenticators to  OpenSSH. U2F/FIDO are open standards for inexpensive two-factor  authentication hardware that are widely used for website  authentication.  In OpenSSH FIDO devices are supported by new public  key types &quot;ecdsa-sk&quot; and &quot;ed25519-sk&quot;, along with corresponding  certificate types.  ssh-keygen(1) may be used to generate a FIDO token-backed key, after  which they may be used much like any other key type supported by  OpenSSH, so long as the hardware token is attached when the keys are  used. FIDO tokens also generally require the user explicitly  authorise operations by touching or tapping them.  Generating a FIDO key requires the token be attached, and will  usually require the user tap the token to confirm the operation:    $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk    Generating public/private ecdsa-sk key pair.    You may need to touch your security key to authorize key generation.    Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):    Enter passphrase (empty for no passphrase):    Enter same passphrase again:    Your identification has been saved in /home/djm/.ssh/id_ecdsa_sk    Your public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub  This will yield a public and private key-pair. The private key file  should be useless to an attacker who does not have access to the  physical token. After generation, this key may be used like any  other supported key in OpenSSH and may be listed in authorized_keys,  added to ssh-agent(1), etc. The only additional stipulation is that  the FIDO token that the key belongs to must be attached when the key  is used.To enable FIDO/U2F support, this change regenerates ssh_namespace.h,adds ssh-sk-helper, and sets ENABLE_SK_INTERNAL (unless buildingWITHOUT_USB).devd integration is not included in this change, and is underinvestigation for the base system.  In the interim the security/u2f-devdport can be installed to provide appropriate devd rules.Reviewed by:	delphij, kevansRelnotes:	YesSponsored by:	The FreeBSD FoundationDifferential Revision:	https://reviews.freebsd.org/D32509

            List of files:
            /freebsd-14.2/secure/libexec/ssh-sk-helper/Makefile</description>
        <pubDate>Thu, 07 Oct 2021 03:31:17 +0000</pubDate>
        <dc:creator>Ed Maste &lt;emaste@FreeBSD.org&gt;</dc:creator>
    </item>
</channel>
</rss>
