upstream: clarify role of FIDO tokens in multi-factor
authentictation; mostly from Pedro Martelletto OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac
This commit is contained in:
djm@openbsd.org
Damien Miller
parent
ecb2c02d99
commit
5a442cec92
|
|
@ -39,6 +39,13 @@ the key handle be supplied for each signature operation. U2F tokens
|
|||
primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2
|
||||
standard specifies additional key types, including one based on Ed25519.
|
||||
|
||||
Use of U2F security keys does not automatically imply multi-factor
|
||||
authentication. From sshd’s perspective, a security key constitutes a
|
||||
single factor of authentication, even if protected by a PIN or biometric
|
||||
authentication. To enable multi-factor authentication in ssh, please
|
||||
refer to the AuthenticationMethods option in sshd_config(5).
|
||||
|
||||
|
||||
SSH U2F Key formats
|
||||
-------------------
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue