PIV security key support

barde commented 4 years ago

Bug description

According to the readme the Yubikey is supported with PIV keys for SSH login: https://hwsecurity.dev/docs/supported-hardware/

When using TermBot only the OpenGPG key is used, tough.

Steps to reproduce

Add Yubikey
Login to server
Prompt for OpenGPG card is opened
No way to chose PIV key on Yubikey

Expected behavior

When adding a Yubikey or other supported hardware device with PIV support by the SDK a dialogue should offer the user a choice which key system is to be used.

Screenshots

N/A

Android device

Device: Samsung S10
OS: Android 9
TermBot Version: 1.9.5

Server information

OS: Debian Buster
SSH Software and Version: OpenSSH current
Pubkeys used (if applicable): RSA

Additional context

Thanks a lot that finally someone cared for a solution to login with Yubikeys with smart phones! I waited for years and would gladly pay for being able to use the PIV keys with a ssh client.

dschuermann commented 4 years ago

While the SDK does support PIV, Termbot currently only supports OpenPGP. I haven't figured out a good user interface to decide between PIV and OpenPGP...

barde commented 4 years ago

Idea: when adding the HSM, Termbot checks if OpenGPG and/or PIV keys are available. If more than one key is found, the user can chose the key he wants to add to this SSH key profile.

The key selection screen shows some general information like key name and location, i.e. OpenGPG/PIV.