OpenSSH 8.2 has support for hardware authentication via FIDO U2F


The release of version 8.2 adds support for FIDO U2F hardware authenticators, allowing, for example, USB keys based on the FIDO standard to be used for two-step authentication.

According to the OpenSSH 8.2 release notes, the support allows the network tools to be used in combination with relatively inexpensive 2FA hardware of the kind already used for website authentication. U2F stands for Universal 2nd Factor and is an open standard managed by the FIDO Alliance. The release notes state that OpenSSH supports FIDO devices through the new public key types ‘ecdsa-sk’ and ‘ed25519-sk’, along with corresponding certificate types.

In terms of security, OpenSSH no longer accepts the SHA-1-based ‘ssh-rsa’ signature algorithm. When ssh-keygen signs a certificate, it now uses the rsa-sha2-512 algorithm by default. SHA-1 is deprecated and prone to collision attacks, so its use is not recommended.

While OpenSSH’s certificate format makes exploitation of chosen-prefix collisions difficult, the developers say SHA-1 is a demonstrably flawed algorithm and further improvements to the attacks are very likely.
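As an added example (not code from the article or from the OpenSSH project), the following Python script audits an authorized_keys file for the two changes described above: it decodes each public key blob with the wire encoding OpenSSH documents in PROTOCOL.u2f for the FIDO key types (on disk, ‘ed25519-sk’ and ‘ecdsa-sk’ keys carry the type names sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com and an extra FIDO application string), reports which keys are security-key backed, and flags RSA keys so an administrator can confirm that rsa-sha2-256/512 signatures, not the SHA-1 ‘ssh-rsa’ algorithm, are negotiated for them. The sample authorized_keys content, the key bytes and the comments are constructed placeholders; the function names are the example's own.

```python
import base64
import struct

# Wire-format names OpenSSH 8.2 uses for FIDO-backed keys (PROTOCOL.u2f).
SECURITY_KEY_TYPES = {
    "sk-ssh-ed25519@openssh.com",
    "sk-ecdsa-sha2-nistp256@openssh.com",
}


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(buf: bytes, off: int):
    """Decode one SSH 'string' at offset; returns (value, new_offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def parse_public_key_blob(blob: bytes) -> dict:
    """Extract the fields that distinguish FIDO ('sk-') keys from ordinary ones."""
    key_type, off = _read_string(blob, 0)
    info = {"type": key_type.decode(), "security_key": False,
            "application": None, "curve": None, "note": None}
    if info["type"] == "sk-ssh-ed25519@openssh.com":
        _pk, off = _read_string(blob, off)       # 32-byte Ed25519 public key
        app, off = _read_string(blob, off)       # FIDO application (relying party) id
        info.update(security_key=True, application=app.decode())
    elif info["type"] == "sk-ecdsa-sha2-nistp256@openssh.com":
        curve, off = _read_string(blob, off)     # "nistp256"
        _q, off = _read_string(blob, off)        # uncompressed EC point
        app, off = _read_string(blob, off)
        info.update(security_key=True, application=app.decode(), curve=curve.decode())
    elif info["type"] == "ecdsa-sha2-nistp256":
        curve, off = _read_string(blob, off)
        info["curve"] = curve.decode()
    elif info["type"] == "ssh-rsa":
        # The key type name is "ssh-rsa" whatever signature algorithm is negotiated;
        # the deprecation in the article concerns the SHA-1 signature, not the key.
        info["note"] = ("RSA key: verify the server negotiates rsa-sha2-256/rsa-sha2-512 "
                        "signatures; the SHA-1 'ssh-rsa' signature algorithm is deprecated")
    if info["security_key"] and not info["application"].startswith("ssh:"):
        info["note"] = "FIDO application id does not start with 'ssh:' as OpenSSH expects"
    return info


def parse_authorized_key(line: str) -> dict:
    """Parse one authorized_keys line, tolerating a leading options field.

    The key-type token is the one whose following token base64-decodes to a blob that
    begins with that same type name; this skips any options prefix (restrict, command=...).
    Options containing quoted spaces are re-joined with single spaces, which is adequate
    for an audit listing but not a faithful reproduction of the original text.
    """
    tokens = line.split()
    for i in range(len(tokens) - 1):
        try:
            blob = base64.b64decode(tokens[i + 1], validate=True)
            name, _ = _read_string(blob, 0)
        except (ValueError, struct.error):
            continue
        if name.decode(errors="replace") == tokens[i]:
            info = parse_public_key_blob(blob)
            info["options"] = " ".join(tokens[:i]) if i > 0 else None
            info["comment"] = " ".join(tokens[i + 2:]) or None
            return info
    raise ValueError(f"no public key found in line: {line!r}")


def audit_authorized_keys(text: str) -> list:
    """Return one parsed record per key line, skipping blanks and '#' comments."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        rows.append(parse_authorized_key(line))
    return rows


def _sample_blob(key_type: str, *fields: bytes) -> str:
    """Build a base64 public key blob in OpenSSH wire format (constructed test data)."""
    raw = b"".join(_ssh_string(f) for f in (key_type.encode(), *fields))
    return base64.b64encode(raw).decode()


# Constructed sample file: key bytes are placeholders, not real keys or EC points.
SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# constructed sample authorized_keys, not from a real host",
    'restrict,command="/usr/bin/true" sk-ssh-ed25519@openssh.com '
    + _sample_blob("sk-ssh-ed25519@openssh.com", b"\x01" * 32, b"ssh:") + " alice-token",
    "sk-ecdsa-sha2-nistp256@openssh.com "
    + _sample_blob("sk-ecdsa-sha2-nistp256@openssh.com", b"nistp256",
                   b"\x04" + b"\x02" * 64, b"ssh:example.org") + " bob-token",
    "ssh-rsa " + _sample_blob("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\x05" * 256) + " legacy-ci",
    "ssh-ed25519 " + _sample_blob("ssh-ed25519", b"\x03" * 32) + " alice@laptop",
])

if __name__ == "__main__":
    for row in audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS):
        flag = "FIDO" if row["security_key"] else "    "
        print(f"{flag} {row['type']:36} app={row['application']!s:16} {row['comment']}"
              + (f"  <- {row['note']}" if row["note"] else ""))
```

Run it against a real file with `audit_authorized_keys(open(path).read())`; the records it returns are plain dicts, so they can be fed into an inventory or a check that every interactive user has at least one security-key backed entry.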
