Accepting sk-ssh-ed25519@openssh.com for ingress key #456

Closed
perrze opened this issue Mar 20, 2024 · 1 comment

Comments

Contributor

perrze commented Mar 20, 2024

Hi,
Some of the bastion users in my group are using sk-ssh-ed25519@openssh.com (ed25519 key protected by a hardware security key like yubikey).
These keys are not accepted by the bastion.
I wonder if it would be possible or compliant with how bastion works to accept these keys as ingress keys for users?

Collaborator

speed47 commented Mar 20, 2024

Hello,

Yes, a contributor started the effort here: #420. Currently at OVHcloud we use Yubikeys, but usually we use the PIV slot (9a) or the GPG applet (which supports SSH through gpg-agent). However, I'm looking into also supporting WebAuthn for SSH, which is the sk- series of keytypes as seen by OpenSSH.

I'll look into it in the following days :)

@perrze perrze closed this as completed Apr 10, 2024
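
As an added illustration (not part of the thread and not the bastion's own code), this is one way an ingress-key check could validate an `sk-ssh-ed25519@openssh.com` public key line before accepting it. It assumes the blob layout documented in OpenSSH's PROTOCOL.u2f (key type, 32-byte Ed25519 public key, application string) and a line without an options prefix; the function names and the sample key are constructed for the example.

```python
import base64
import struct

SK_ED25519 = "sk-ssh-ed25519@openssh.com"

def read_string(blob, offset):
    """Read one SSH wire string (uint32 length + bytes); return (value, next offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string")
    return blob[offset + 4:end], end

def parse_sk_ed25519(line):
    """Validate a '<keytype> <base64> [comment]' line; return its fields or raise ValueError."""
    fields = line.strip().split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<keytype> <base64> [comment]'")
    keytype, b64 = fields[0], fields[1]
    if keytype != SK_ED25519:
        raise ValueError("not an sk-ssh-ed25519 key: " + keytype)
    try:
        blob = base64.b64decode(b64, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("invalid base64") from exc
    inner_type, off = read_string(blob, 0)
    pubkey, off = read_string(blob, off)
    application, off = read_string(blob, off)
    # The type inside the blob must agree with the textual prefix.
    if inner_type != keytype.encode():
        raise ValueError("key type in blob does not match the line prefix")
    if len(pubkey) != 32:
        raise ValueError("Ed25519 public key must be 32 bytes")
    if off != len(blob):
        raise ValueError("trailing data after application string")
    return {"type": keytype, "pubkey": pubkey,
            "application": application.decode(),
            "comment": fields[2] if len(fields) == 3 else ""}

def ssh_string(data):
    """Encode bytes as an SSH wire string."""
    return struct.pack(">I", len(data)) + data

# Constructed sample: all-zero key bytes, not a real credential.
SAMPLE_BLOB = ssh_string(SK_ED25519.encode()) + ssh_string(bytes(32)) + ssh_string(b"ssh:")
SAMPLE_LINE = SK_ED25519 + " " + base64.b64encode(SAMPLE_BLOB).decode() + " user@constructed"
```

The application string is typically `ssh:`; a deployment that wants to restrict it can compare the returned `application` field against its own allow-list.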