[ssh_x509] Removal of OpenSSH 8.2p1 security key feature

ssh_x509 at roumenpetrov.info ssh_x509 at roumenpetrov.info
Sun Feb 16 20:37:23 EET 2020


ssh_x509 at roumenpetrov.info wrote:
> Hi,
>
> It seems that X509 12.4 removes the new "security key" feature from
> OpenSSH 8.2p1.
PKIX-SSH manages own repository and this feature is not included.
If is important I could publish a separate branch with this.

>   I am wondering if this is intentional, is there some sort
> of conflict between this in X509?
I cannot see anything useful in this implementation. Nothing is related 
to two-factor. It seems to me is so easy to implement fake-sk key based 
on respective non-sk key.

About secure token - it seems to me PKCS#11 with X.509 is still superior.


Regards,
Roumen Petrov



More information about the ssh_x509 mailing list