English 中文(简体)
能否使用开放式SSH FIDO2 扫描关键证明数据来核实主要居住地点是否只有国际家庭发展署2 标记(例如Yubikey)?
原标题:Can the OpenSSH FIDO2 ssh key attestation data be used verify the key resides only a FIDO2 token (e.g. Yubikey)?

开放式SSH >=8.2允许使用ID2认证,而sh星指挥则允许在FID2标记(如Yubikey)上建立居民钥匙。 在主要一代人中,还有产出证明数据的选择,可以选择进行书面测试。 E.g.

ssh-keygen -t ed25519-sk -O resident -O write-attestation=id_ed25519-Yubikey.attest -O application=ssh:id_ed25519-Yubikey -f id_ed25519-Yubikey

两个问题:

  1. 开放SSH创建的证明文件的形式是什么?

  2. 能否利用证明数据核实国际DO2号标书产生的对应公用钥匙,因此只能作为Yubikey/FIDO2号标线上的常住钥匙居住?

问题回答

格式是 

Attestation information is useful for out-of-band key and certificate
registration workflows, e.g. proving to a CA that a key is backed
by trusted hardware before it will issue a certificate. To support this
case, OpenSSH optionally allows retaining the attestation information
at the time of key generation. It will take the following format:

    string      "ssh-sk-attest-v01"
    string      attestation certificate
    string      enrollment signature
    string      authenticator data (CBOR encoded)
    uint32      reserved flags
    string      reserved string

我不认为,今天可以由一个开放式服务器直接使用。 但是,你可以结合一份短片证明书,仅向证明在某种假肢装置上产生的钥匙颁发证书。

时间:2023-06-07 02:55:43


上一篇:
下一篇:


相关问题
ssh issue in a loop

I have a script that connects to a server using ssh. While in a loop, it fails to connect to the second server after connecting to the first one. I guess I have to quit from that server to come back ...

时间:2009-11-26 07:17:02 回答:4 展示:1
Python SSH paramiko issue - ssh from inside of ssh session

import paramiko client = paramiko.SSHClient() client.load_system_host_keys() ip = 192.168.100.6 client.connect(ip, username= root , password= mima ) i, o, e = client.exec_command( apt-get install ...

时间:2009-11-25 11:47:07 回答:2 展示:1
Trying to get a terminal to work in Emacs

I ve been having a lot of problems with emacs and trying to get the terminal to work with: M-x term I installed cygwin and I fixed up my .emacs to include the paths: (setenv "PATH" (concat "...

时间:2009-11-24 09:57:42 回答:2 展示:1
How can I debug a Perl CGI script?

I inherited a legacy Perl script from an old server which is being removed. The script needs to be implemented on a new server. I ve got it on the new server. The script is pretty simple; it ...

时间:2009-11-18 17:36:26 回答:2 展示:1
ActionScript 3 and SSH

Is there a library for SSH in ActionScript 3? If not, I d appreciate some ideas on how to have Flash integrate with SSH. I have a Flash prototype programmed out, and my client wants to see some ...

时间:2009-11-16 23:38:16 回答:2 展示:1
Solving thread cleanup on paramiko

I have an automated process using paramiko and have this error: Exception in thread Thread-1 (most likely raised during interpreter shutdown) .... .... <type exceptions.AttributeError >: ...

时间:2009-11-16 22:21:36 回答:3 展示:1
how to use ping in a script

I want a bash script that ll do: for c in computers: do ping $c if ping is sucessfull: ssh $c check something done If I only do ssh and the computer is iresponsive, it takes forever ...

时间:2009-11-13 08:32:22 回答:9 展示:1
Changing username in SVN+SSH URI on the fly in working copy

I am using SVN+SSH to check out a working copy of repository from an SVN server on which all developers are members of a developer group and have full read/write permissions on the repository ...

时间:2009-11-09 19:01:03 回答:3 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全