Openwrt/packages
0
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-02-07 03:29:52 +00:00
Code
packages/net/openssh/Config.in
Linos Giannopoulos 855db864b0 openssh: Add FIDO2 hardware token support 
Version 8.2[0] added support for two new key types: "ecdsa-sk" and
"ed25519-sk". These two type enable the usage of hardware tokens that
implement the FIDO (or FIDO2) standard, as an authentication method for
SSH.

Since we're already on version 8.4 all we need to do is to explicitly enable
the support for hardware keys when compiling OpenSSH and add all the
missing dependencies OpenSSH requires.

OpenSSH depends on libfido2[1], to communicate with the FIDO devices
over USB. In turn, libfido2 depends on libcbor, a C implementation of
the CBOR protocol[2] and OpenSSL.

[0]: https://lwn.net/Articles/812537/
[1]: https://github.com/Yubico/libfido2
[2]: tools.ietf.org/html/rfc7049

Signed-off-by: Linos Giannopoulos <linosgian00@gmail.com>
2021-01-07 00:53:05 +02:00

13 lines
383 B
Plaintext
Raw Permalink Blame History

if PACKAGE_openssh-server
config OPENSSH_LIBFIDO2
bool
default y
prompt "Include libfido2 support in openssh-server"
help
OpenSSH version 8.2 added two new ssh authentication methods,
namely `ecdsa_sk` and `ed25519_sk`. These two methods make use
of hardware keys that implement the FIDO and FIDO2 protocols.
In order to use these two types, libfido2 is required.
endif
View Git Blame Copy Permalink