support for requiring user verified FIDO keys in sshd - wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

diff options

author	djm <djm@openbsd.org>	2020-08-27 01:07:09 +0000
committer	djm <djm@openbsd.org>	2020-08-27 01:07:09 +0000
commit	869858c29eb2d133b803b55813e6fa18354a0bb5 (patch)
tree	b9fbae89988746fdd8980f2782421980ed154113 /usr.bin/ssh/ssh-keygen.c
parent	support for user-verified FIDO keys (diff)
download	wireguard-openbsd-869858c29eb2d133b803b55813e6fa18354a0bb5.tar.xz wireguard-openbsd-869858c29eb2d133b803b55813e6fa18354a0bb5.zip

support for requiring user verified FIDO keys in sshd

This adds a "verify-required" authorized_keys flag and a corresponding sshd_config option that tells sshd to require that FIDO keys verify the user identity before completing the signing/authentication attempt. Whether or not user verification was performed is already baked into the signature made on the FIDO token, so this is just plumbing that flag through and adding ways to require it. feedback and ok markus@

Diffstat (limited to 'usr.bin/ssh/ssh-keygen.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: