diff options
| -rw-r--r-- | usr.bin/ssh/PROTOCOL.u2f | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/usr.bin/ssh/PROTOCOL.u2f b/usr.bin/ssh/PROTOCOL.u2f index 917e669cdda..fd4325b3aba 100644 --- a/usr.bin/ssh/PROTOCOL.u2f +++ b/usr.bin/ssh/PROTOCOL.u2f @@ -39,6 +39,13 @@ the key handle be supplied for each signature operation. U2F tokens primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2 standard specifies additional key types, including one based on Ed25519. +Use of U2F security keys does not automatically imply multi-factor +authentication. From sshd’s perspective, a security key constitutes a +single factor of authentication, even if protected by a PIN or biometric +authentication. To enable multi-factor authentication in ssh, please +refer to the AuthenticationMethods option in sshd_config(5). + + SSH U2F Key formats ------------------- |