Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support ECDSA SSH keys and FIDO/U2F key types in Lagoon #2189

Closed
smlx opened this issue Sep 8, 2020 · 6 comments · Fixed by #3662
Closed

Support ECDSA SSH keys and FIDO/U2F key types in Lagoon #2189

smlx opened this issue Sep 8, 2020 · 6 comments · Fixed by #3662
Labels
1-api-auth API & Authentication subsystem

Comments

@smlx
Copy link
Member

smlx commented Sep 8, 2020

The YubiKey 5 Series supports the following algorithms on the PIV smart card application.

RSA 1024
RSA 2048
ECC P-256
ECC P-384

https://support.yubico.com/support/solutions/articles/15000014219-yubikey-5-series-technical-manual

I'd like to use my Yubikey to interact with Lagoon via SSH, but only RSA and Ed25519 keys are supported by Lagoon. For various reasons RSA 2048-bit keys aren't great so it would be nice to add support for at least ecdsa-sha2-nistp256, and possibly ecdsa-sha2-nistp384.
@smlx smlx added the 1-api-auth API & Authentication subsystem label Sep 8, 2020
@cdchris12 cdchris12 mentioned this issue Feb 17, 2022
Closed
@smlx
Copy link
Member Author

smlx commented Feb 24, 2022

Lagoon should also support the FIDO/U2F key types ecdsa-sk and ed25519-sk.
https://www.openssh.com/txt/release-8.2

@tobybellwood
Copy link
Member

As long as the key type is parsable by sshpk - it should be easyish to add in.

I'm not sure that the *-sk are supported by sshpk, so we may need to look to validate somehow else?

@smlx
Copy link
Member Author

smlx commented Feb 24, 2022

Looks like it isn't supported TritonDataCenter/node-sshpk#72

@smlx
Copy link
Member Author

smlx commented Feb 24, 2022

Even the non sk versions will make it easier to use Yubikeys.

@cdchris12 cdchris12 mentioned this issue Mar 31, 2022
Merged
3 tasks
@tobybellwood
Copy link
Member

ECDSA key support is now in Lagoon

@tobybellwood
Copy link
Member

Going to reopen this to track the -sk key types

@tobybellwood tobybellwood reopened this Nov 27, 2023
@tobybellwood tobybellwood changed the title Support ECDSA SSH keys in Lagoon Support ECDSA SSH keys and FIDO/U2F key types in Lagoon Nov 27, 2023
@shreddedbacon shreddedbacon mentioned this issue Mar 4, 2024
Merged
4 tasks
@rocketeerbkw rocketeerbkw mentioned this issue Mar 28, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
1-api-auth API & Authentication subsystem
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: use api-sidecar-handler to offload sshkey handling and add more types uselagoon/lagoon
2 participants
@smlx @tobybellwood