git.99rst.org / openwrt-packages.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1ce5b10)
openssh: Add FIDO2 hardware token support
authorLinos Giannopoulos <redacted>
Wed, 6 Jan 2021 21:19:48 +0000 (23:19 +0200)
committerLinos Giannopoulos <redacted>
Wed, 6 Jan 2021 22:53:05 +0000 (00:53 +0200)
commit855db864b0c4d2dcc5ed2f0182ea4a7942314086
treedf57ef4f4713a06ce6ed98cc1c99b2872439d577tree | snapshot
parent1ce5b104259503be843f7a92a8955ad5021fda04commit | diff
openssh: Add FIDO2 hardware token support

Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.

Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.

OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.

[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2
[2]: tools.ietf.org/html/rfc7049

Signed-off-by: Linos Giannopoulos <redacted>
net/openssh/Config.in [new file with mode: 0644] blob
net/openssh/Makefile diff | blob | history
git clone https://git.99rst.org/PROJECT