DataDog / yubikey

YubiKey at Datadog
MIT License

Use U2F/FIDO2 instead of GPG for SSH #38

Closed trishankatdatadog closed 3 years ago

trishankatdatadog commented 4 years ago

https://buttondown.email/cryptography-dispatches/archive/cryptography-dispatches-openssh-82-just-works/

trishankatdatadog commented 4 years ago

We are blocked from using this until GitHub supports it.

mejofi commented 3 years ago

GitHub now supports it; https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations/

I looked at using FIDO2 support in OpenSSH before this became known, however, and eventually settled on using this existing project with GPG instead, because the tooling around the FIDO2 support is still a bit wonky. The feedback you get from things like ssh-add is very minimal. FIDO2 support on the YubiKey 5 is shared with FIDO U2F, so resetting that part of the key to wipe the SSH keys also wipes your U2F identities for Google, GitHub, etc. in a way that didn't seem obvious.

Plus, it requires OpenSSH 8.2 and up, which means that you need to install SSH from an external source on both macOS and Debian, which, while workable, isn't ideal, IMO.

These might be non-issues for some, but to me the GPG support felt much more solid, scriptable, etc., which is why I am moving forward with GPG instead of FIDO2. YMMV, of course :)
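
The OpenSSH 8.2+ requirement and the "sk" key types mentioned in the comment above can be checked before touching the YubiKey at all. The script below is an added example, not part of the DataDog/yubikey project or of any commenter's setup: it parses the `ssh -V` banner, confirms that `ssh -Q key` advertises `sk-ssh-ed25519@openssh.com`, and only then runs `ssh-keygen -t ed25519-sk`. The key file path, the `ssh:github` application label and the key comment are assumptions chosen for illustration; the version banners used for testing are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example (not the DataDog/yubikey project's code): pre-flight checks
# for FIDO2/U2F-backed SSH keys, which need an OpenSSH 8.2+ client.

# Print "major minor" from an `ssh -V` banner such as
# "OpenSSH_8.2p1 Ubuntu-4ubuntu0.5, OpenSSL 1.1.1f  31 Mar 2020".
# Prints nothing if the banner is not an OpenSSH banner.
openssh_version() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# Return 0 if the banner describes OpenSSH >= 8.2 (first release with
# ed25519-sk / ecdsa-sk support), 1 otherwise.
openssh_supports_sk() {
    banner=$1
    set -- $(openssh_version "$banner")
    [ "$#" -eq 2 ] || return 1
    major=$1
    minor=$2
    [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 2 ]; }
}

# Return 0 if an `ssh -Q key` listing (passed as one string) contains the
# FIDO ed25519 key type, 1 otherwise. A client built without libfido2
# support can carry an 8.2+ version number and still not list it.
sk_key_type_listed() {
    printf '%s\n' "$1" | grep -q '^sk-ssh-ed25519@openssh.com$'
}

# Enroll a new FIDO2-backed SSH key on the plugged-in token, only after the
# local client passes both checks. The private half never leaves the token;
# the "-sk" file written here is just a key handle plus metadata.
# Path, application label and comment are illustrative assumptions.
enroll_sk_key() {
    keyfile=${1:-"$HOME/.ssh/id_ed25519_sk"}
    banner=$(ssh -V 2>&1) || return 1
    openssh_supports_sk "$banner" || {
        echo "need OpenSSH >= 8.2, have: $banner" >&2
        return 1
    }
    sk_key_type_listed "$(ssh -Q key)" || {
        echo "this ssh build lists no sk-ssh-ed25519@openssh.com key type" >&2
        return 1
    }
    # Touch is required at every signature by default. To remove this key
    # later, delete only its resident credential (if it was made resident);
    # a full FIDO applet reset (e.g. `ykman fido reset`) also wipes the U2F
    # registrations for other sites, as noted in the thread above.
    ssh-keygen -t ed25519-sk -O application=ssh:github -C "yubikey-sk" -f "$keyfile"
}

# Nothing runs at load time; invoke as `sh thisfile.sh enroll [keyfile]`.
case "${1:-}" in
    enroll) enroll_sk_key "${2:-}" ;;
esac
```

On macOS and Debian the stock `ssh` may be older than 8.2 or built without libfido2, which is why the second check looks at the actual key-type list rather than trusting the version number alone.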

trishankatdatadog commented 3 years ago

Maybe we should consider this closed for the reasons you delineated, @mejofi. Thanks!