Originally posted by **forrest96** June 2, 2024
Could you add support for FIDO-backed public key authentication in the OpenSSH Server (sshd)?
This includes the following algorithms:
- sk-ssh-ed25519-cert-v01@openssh.com
- sk-ecdsa-sha2-nistp256-cert-v01@openssh.com
- sk-ssh-ed25519@openssh.com
- sk-ecdsa-sha2-nistp256@openssh.com
The implementation should be straightforward.
Please add the following configurations to sshd_config to indicate the supported implementations:
- PubkeyAuthOptions
- PubkeyAcceptedAlgorithms
ssh-ed25519-cert-v01@openssh.com,
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
sk-ssh-ed25519-cert-v01@openssh.com,
sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,
rsa-sha2-512-cert-v01@openssh.com,
rsa-sha2-256-cert-v01@openssh.com,
ssh-ed25519,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
sk-ssh-ed25519@openssh.com,
sk-ecdsa-sha2-nistp256@openssh.com,
rsa-sha2-512,rsa-sha2-256
Discussed in https://github.com/PowerShell/Win32-OpenSSH/discussions/2236