macOS: security keys -- how do we want to support them? #65
Comments
|
@dmccaffery are there any obvious downsides to replacing the ssh-agent? Apple seems to have a history of letting the built-in cli tools lag. So I'm hesitant to say we should continue to use a less secure algorithm in the hopes Apple will ship support soon. |
Apple lags due to licensing restrictions on the upstreams. Not sure why OpenSSH is lagging behind, specifically; other then it works for their use cases around Xcode as a development platform. I'm all for replacing the built-ins; just wanted to get everyone's opinions. |
|
I am not currently using a security key... although I have thought about getting one a bunch of times I do think security is important. If we are willing to support them for the time being (one of us have a vested use-case) then we should implement something that can and will work now. |
|
I might have time this weekend to work on a POC to see what this looks like on macOS -- see what others think once implemented. @sjk07 : you should definitely get a key -- I use this guide (mostly): https://github.com/drduh/YubiKey-Guide |
|
I ended up folding and buying a Yubikey or two 😜 Ill follow the above; lets find a way to support this correctly |
|
This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days. |
|
Bumping this, I have a key but have not setup anything via terminal; i think this would be an awesome thing to have. |
The macOS ssh-agent does not support security key algorithms (ed25519-sk and ecdsa-sk) out of the box. We currently support yubikeys by configuring the PGP module within the ssh-agent, but this requires the use of the aging rsa algorithm.
We have a few options:
I'd like to know what others think. Is anyone else using security keys besides me?
The text was updated successfully, but these errors were encountered: