Here's excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log into a remote system via SSH protocol.
OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol, yesterday announced the 8.2 version of the software that primarily includes two new significant security enhancements.
First, OpenSSH 8.2 added support for FIDO/U2F hardware authenticators, and the second, it has deprecated SSH-RSA public key signature algorithm and planned to disable it by default in the future versions of the software.
FIDO (Fast Identity Online) protocol based hardware security devices are stronger and fool-proof mechanisms for authentication because it enables public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks.
"In OpenSSH, FIDO devices are supported by new public key types' ecdsa-sk' and 'ed25519-sk', along with corresponding certificate types," the OpenSSH 8.2 release note says.
"FIDO tokens are most commonly connected via USB but may be attached via other means such as Bluetooth or NFC. In OpenSSH, communication with the token is managed via a middleware library."
OpenSSH team first introduced the support for U2F/FIDO as an experimental feature in November 2019, which relied on the same middleware for Yubico's libfido2 that is capable of talking to any standard USB HID U2F or FIDO2 token.
A physical security ..
Support the originator by clicking the read the rest link below.
