Merged
Conversation
This adds support for the ECDSA-SK and ED25519-SK formats. The keys have an "application" specifier that is user defined, here in the example it is "ssh:". The test keys come from: https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78934/diffs More context: https://github.com/openssh/openssh-portable/blob/8926956f22639132a9f2433fcd25224e01b900f5/PROTOCOL.u2f#L81-L86 https://cryptsus.com/blog/how-to-configure-openssh-with-yubikey-security-keys-u2f-otp-authentication-ed25519-sk-ecdsa-sk-on-ubuntu-18.04.html
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Nov 16, 2022
This pulls in flatcar/update-ssh-keys#7 to support Hardware Security Keys in update-ssh-keys. Until we have a new crates.io release of openssh-keys with coreos/openssh-keys#68 we need to host it on Origin or find a way to make the eclass more flexible.
2 tasks
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Nov 16, 2022
This pulls in flatcar/update-ssh-keys#7 to support Hardware Security Keys in update-ssh-keys. Until we have a new crates.io release of openssh-keys with coreos/openssh-keys#68 we need to host it on Origin or find a way to make the eclass more flexible. Here it was hosted on Origin (from "cargo package").
pothos
added a commit
to flatcar-archive/coreos-overlay
that referenced
this pull request
Nov 16, 2022
This pulls in flatcar/update-ssh-keys#7 to support Hardware Security Keys in update-ssh-keys. Until we have a new crates.io release of openssh-keys with coreos/openssh-keys#68 we need to host it on Origin or find a way to make the eclass more flexible. Here it was hosted on Origin (from "cargo package") and the Cargo.toml/lock patched on build to think it would come from crates.io because the Gentoo eclass only supports that location.
Contributor
Author
|
We are using this now as downstream patch in Flatcar but it would be great to get it in and do a crates.io release. |
lucab
approved these changes
Nov 16, 2022
t-lo
pushed a commit
to flatcar/scripts
that referenced
this pull request
Apr 17, 2023
This pulls in flatcar/update-ssh-keys#7 to support Hardware Security Keys in update-ssh-keys. Until we have a new crates.io release of openssh-keys with coreos/openssh-keys#68 we need to host it on Origin or find a way to make the eclass more flexible. Here it was hosted on Origin (from "cargo package") and the Cargo.toml/lock patched on build to think it would come from crates.io because the Gentoo eclass only supports that location.
dongsupark
added a commit
to flatcar/update-ssh-keys
that referenced
this pull request
Oct 26, 2023
Now that coreos/openssh-keys#68 was merged, we should simply use upstream openssh-keys 0.6.2, instead of a custom branch.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This adds support for the ECDSA-SK and ED25519-SK formats.
The keys have an "application" specifier that is user defined, here in
the example it is "ssh:".
The test keys come from:
https://gitlab.com/gitlab-org/gitlab/-/merge_requests/78934/diffs
More context:
https://github.com/openssh/openssh-portable/blob/8926956f22639132a9f2433fcd25224e01b900f5/PROTOCOL.u2f#L81-L86
https://cryptsus.com/blog/how-to-configure-openssh-with-yubikey-security-keys-u2f-otp-authentication-ed25519-sk-ecdsa-sk-on-ubuntu-18.04.html