
Support for FIDO2-backed SSH keys
Closed, Obsolete · Public

Asked by antonia on Dec 6 2023, 13:48.

Details

Phorge does not accept ssh keys of type sk-ssh-ed25519@openssh.com or sk-ecdsa-sha2-nistp256@openssh.com, which are keys backed by a FIDO2 token. This is easily solvable by just adding them to src/applications/auth/sshkey/PhabricatorAuthSSHPublicKey.php. An even better solution could be querying the ssh server with ssh -Q key to get the list of supported key types.

Answers

avivey
Updated 152 Days Ago

Looks like the original list was added in November 2013, and the -Q feature was only being introduced.

Also, the original diff says "If we end up with more than like 5 of these we should probably make this a warning or something instead, the only goal is to prevent user error."...

Update: https://we.phorge.it/book/phorge/article/diffusion_hosting/ says we support ssh 6.2 or later, and -Q was added in 6.3, so that would need to be updated too.

valerio.bozzolan
Updated 119 Days Ago

Thanks again for the question that was escalated to a patch here:

D25508: Add support for FIDO2-backed SSH keys
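
The check proposed in the question, with the fallback that the OpenSSH 6.2 versus 6.3 point in the first answer calls for, as an added example that is not Phorge's code or the patch in D25508. The function names and the static fallback list are hypothetical, and the key lines are constructed placeholders.

```shell
#!/bin/sh
# Added example, not Phorge code. Function names and FALLBACK_TYPES are hypothetical.

# Static list used when `ssh -Q key` is unavailable (the thread notes -Q
# arrived in OpenSSH 6.3 while 6.2 is still supported). Constructed for this example.
FALLBACK_TYPES='ssh-rsa
ssh-ed25519
ecdsa-sha2-nistp256
sk-ssh-ed25519@openssh.com
sk-ecdsa-sha2-nistp256@openssh.com'

# Print the key types the local OpenSSH client reports, one per line,
# or the static list if the query fails or prints nothing.
supported_key_types() {
    if out=$(ssh -Q key 2>/dev/null) && [ -n "$out" ]; then
        printf '%s\n' "$out"
    else
        printf '%s\n' "$FALLBACK_TYPES"
    fi
}

# Print the type field (first whitespace-separated token) of a public key line.
key_type_of() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $1 }'
}

# is_accepted_key KEY_LINE TYPE_LIST: succeed only on an exact, literal match.
# grep -F keeps "." and "@" literal; -x rejects prefixes and substrings.
is_accepted_key() {
    kt=$(key_type_of "$1")
    [ -n "$kt" ] || return 1
    printf '%s\n' "$2" | grep -Fqx -e "$kt"
}

# Demo on constructed key lines (the base64 bodies are placeholders).
types=$(supported_key_types)
for key in 'sk-ssh-ed25519@openssh.com AAAAconstructed alice@example' \
           'not-a-key-type AAAAconstructed bob@example'; do
    if is_accepted_key "$key" "$types"; then
        echo "accept: $(key_type_of "$key")"
    else
        echo "reject: $(key_type_of "$key")"
    fi
done
```

`ssh -Q key` reports what the locally installed `ssh` binary supports, so the result depends on the OpenSSH version on the host that runs the check.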
