warp-tech / warpgate

Smart SSH, HTTPS and MySQL bastion that requires no additional client-side software
Apache License 2.0

Support U2F/FIDO #221

Open klotzambein opened 2 years ago

klotzambein commented 2 years ago

OpenSSH supports hardware authentication through the two key types "ecdsa-sk" and "ed25519-sk". From what I can tell this is not supported by warpgate.

How hard would it be to implement this? If it is relatively straightforward I would be willing to create a PR in the following weeks.

Eugeny commented 2 years ago

I've got no experience with U2F so I don't know how it works exactly, but SSH PK auth is handled by the server_read_auth_request_pk method here - you'd need to add support for decoding the key format (https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f) and validating the signature.

I'm happy to take care of all warpgate-specific integration code if you can get the SK support into russh!
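The decoding step mentioned in the reply above, as an added example that is not part of the thread and not russh or warpgate code: a std-only parser for the `sk-ssh-ed25519@openssh.com` and `sk-ecdsa-sha2-nistp256@openssh.com` public key and signature blobs as laid out in PROTOCOL.u2f. All type and function names are hypothetical, and cryptographic verification of the signature is left out.

```rust
// Added example; names are hypothetical, not russh or warpgate APIs.
const ED25519_SK: &str = "sk-ssh-ed25519@openssh.com";
const ECDSA_SK: &str = "sk-ecdsa-sha2-nistp256@openssh.com";
const FLAG_USER_PRESENT: u8 = 0x01; // set when the token was touched

#[derive(Debug, PartialEq)]
pub struct SkPublicKey { pub algo: String, pub key: Vec<u8>, pub application: String }
#[derive(Debug, PartialEq)]
pub struct SkSignature { pub algo: String, pub sig: Vec<u8>, pub flags: u8, pub counter: u32 }

/// Read one SSH `string`: big-endian uint32 length, then that many bytes.
fn take_string<'a>(buf: &mut &'a [u8]) -> Result<&'a [u8], &'static str> {
    let data: &'a [u8] = *buf;
    if data.len() < 4 { return Err("truncated length"); }
    let n = u32::from_be_bytes([data[0], data[1], data[2], data[3]]) as usize;
    if data.len() - 4 < n { return Err("truncated string"); }
    *buf = &data[4 + n..];
    Ok(&data[4..4 + n])
}

fn text(b: &[u8]) -> Result<String, &'static str> {
    String::from_utf8(b.to_vec()).map_err(|_| "not UTF-8")
}

/// Key blob: string algo, [string curve,] string key material, string application.
pub fn parse_sk_public_key(mut buf: &[u8]) -> Result<SkPublicKey, &'static str> {
    let algo = text(take_string(&mut buf)?)?;
    match algo.as_str() {
        ED25519_SK => {}
        ECDSA_SK => if take_string(&mut buf)? != &b"nistp256"[..] { return Err("unexpected curve"); },
        _ => return Err("not an sk key type"),
    }
    let key = take_string(&mut buf)?.to_vec();
    let application = text(take_string(&mut buf)?)?;
    if !buf.is_empty() { return Err("trailing bytes"); }
    Ok(SkPublicKey { algo, key, application })
}

/// Signature blob: string algo, string signature, byte flags, uint32 counter.
pub fn parse_sk_signature(mut buf: &[u8]) -> Result<SkSignature, &'static str> {
    let algo = text(take_string(&mut buf)?)?;
    if algo != ED25519_SK && algo != ECDSA_SK { return Err("not an sk signature"); }
    let sig = take_string(&mut buf)?.to_vec();
    if buf.len() != 5 { return Err("bad flags/counter trailer"); }
    let counter = u32::from_be_bytes([buf[1], buf[2], buf[3], buf[4]]);
    Ok(SkSignature { algo, sig, flags: buf[0], counter })
}

impl SkSignature {
    pub fn user_present(&self) -> bool { self.flags & FLAG_USER_PRESENT != 0 }
}
```

The server still has to verify `sig` against the key; per PROTOCOL.u2f the signed data is SHA256(application), flags, counter and SHA256(message), so the flags and counter parsed here are covered by the signature.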