You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi,
Some of the bastion users in my group are using sk-ssh-ed25519@openssh.com (ed25519 key protected by an hardware security key like yubikey).
These keys are not accepted by the bastion.
I wonder if it would be possible or compliant with how bastion works to accept these keys as ingress keys for users ?
The text was updated successfully, but these errors were encountered:
Yes, a contributor started the effort here #420 , currently at OVHcloud we use Yubikeys but usually we use the PIV slot (9a) or the GPG applet (which supports SSH through gpg-agent), however I'm looking into also supporting Webauthn for SSH, which is the sk- series of keytypes as seen by OpenSSH.
Hi,
Some of the bastion users in my group are using sk-ssh-ed25519@openssh.com (ed25519 key protected by an hardware security key like yubikey).
These keys are not accepted by the bastion.
I wonder if it would be possible or compliant with how bastion works to accept these keys as ingress keys for users ?
The text was updated successfully, but these errors were encountered: