diff options
author | Damien Miller <djm@cvs.openbsd.org> | 2020-05-11 02:11:30 +0000 |
---|---|---|
committer | Damien Miller <djm@cvs.openbsd.org> | 2020-05-11 02:11:30 +0000 |
commit | 25ff03497c88f3882f8343c4bb33220d434a8f29 (patch) | |
tree | 4063fb531129f8c2a6254695c714cf3b81011d70 /usr.bin/ssh | |
parent | 2e918ba696d2a8e6750faaa8c24d13dbb9eeefe3 (diff) |
clarify role of FIDO tokens in multi-factor authentictation;
mostly from Pedro Martelletto
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- | usr.bin/ssh/PROTOCOL.u2f | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/usr.bin/ssh/PROTOCOL.u2f b/usr.bin/ssh/PROTOCOL.u2f index 917e669cdda..fd4325b3aba 100644 --- a/usr.bin/ssh/PROTOCOL.u2f +++ b/usr.bin/ssh/PROTOCOL.u2f @@ -39,6 +39,13 @@ the key handle be supplied for each signature operation. U2F tokens primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2 standard specifies additional key types, including one based on Ed25519. +Use of U2F security keys does not automatically imply multi-factor +authentication. From sshd’s perspective, a security key constitutes a +single factor of authentication, even if protected by a PIN or biometric +authentication. To enable multi-factor authentication in ssh, please +refer to the AuthenticationMethods option in sshd_config(5). + + SSH U2F Key formats ------------------- |