Nitrokey / nitrokey-documentation

User documentation of Nitrokey's products
https://docs.nitrokey.com

refactor the SSH documentation #120

Open schaarsc opened 1 year ago

schaarsc commented 1 year ago

File: [pro/linux/ssh.rst] https://docs.nitrokey.com/pro/linux/ssh.html

I'd like to suggest extending / refactoring the SSH documentation.

Create an overview page. This allows the re-use of the details for different devices.

SSH keys can be protected with different approaches:
* GnuPG agent; in this case one of the sub-keys is used <link to current page>
* SSH with FIDO2; in this case a feature built into OpenSSH is used <link to new page>

The overview page should only list the options supported by the device being documented.

The content of the new page would be something like:

FIDO is supported starting with OpenSSH version 8.2p1.

* generate an SSH key: `ssh-keygen -t ed25519-sk -O verify-required -O resident -O application="ssh:my-application" -C "my-comment"`
  * resident keys are supported starting with OpenSSH 8.3
  * NOTE: verify-required is not supported by ssh-agent
  * NOTE: libpam-ssh-agent-auth version 0.10.3 does not support these new key types
* download resident keys on a different machine: `ssh-keygen -K`
* the server can request verification by adding `PubkeyAuthOptions verify-required` to sshd_config

The menu would have one additional level:

Nitrokey 3
-> Linux
--> SSH Overview
---> SSH with GnuPG Agent
---> SSH with FIDO2
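
A pre-flight check for the FIDO2 setup outlined in the comment above, as an added example that is not part of the original issue or of Nitrokey's documentation: it compares an `ssh -V` banner against a minimum version and tests whether an sshd_config enforces `PubkeyAuthOptions verify-required`. The function names, sample banners and sample config are constructed for illustration, and the 8.2/8.3 thresholds are the ones stated in the comment.

```shell
#!/bin/sh
# Added example, not Nitrokey's code. Sample banners and config are constructed.

# Print "MAJOR MINOR" from an `ssh -V 2>&1` style banner, e.g. "OpenSSH_8.2p1 ...".
openssh_version() {
    printf '%s\n' "$1" |
        sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p'
}

# openssh_at_least BANNER MAJOR MINOR: 0 if new enough, 1 if older, 2 if unparseable.
openssh_at_least() {
    set -- $(openssh_version "$1") "$2" "$3"
    [ $# -eq 4 ] || return 2
    [ "$1" -gt "$3" ] || { [ "$1" -eq "$3" ] && [ "$2" -ge "$4" ]; }
}

# Succeeds if the global part of an sshd_config file (before the first Match
# block) sets PubkeyAuthOptions verify-required. sshd keeps the first value it
# reads for a keyword. Simplification: Include files are not followed.
sshd_requires_verify() {
    awk '
        { sub(/#.*/, ""); gsub(/=/, " ") }
        tolower($1) == "match" { exit }
        tolower($1) == "pubkeyauthoptions" {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == "verify-required") found = 1
            exit
        }
        END { exit !found }
    ' "$1"
}

# Demo on constructed input; thresholds 8.2 and 8.3 are the ones the comment states.
cfg=$(mktemp)
printf '%s\n' '# constructed sample' 'PasswordAuthentication no' \
    'PubkeyAuthOptions touch-required verify-required' > "$cfg"
for banner in 'OpenSSH_8.1p1, OpenSSL 1.1.1d' 'OpenSSH_8.2p1 Ubuntu-4' \
    'OpenSSH_9.6p1 Debian-3'; do
    openssh_at_least "$banner" 8 2 && sk=yes || sk=no
    openssh_at_least "$banner" 8 3 && res=yes || res=no
    echo "$banner: sk-keys=$sk resident=$res"
done
sshd_requires_verify "$cfg" && echo "sshd enforces verify-required"
rm -f "$cfg"
```

On a real host, pass `"$(ssh -V 2>&1)"` as the banner and the path to the server's sshd_config as the file.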