Security Keys #1875
Replies: 6 comments 25 replies
-
Yup. I've relied on Yubikey/PKCS11/gnupg for several years (ed25519). It was a huge PIA to set up, including getting the pin prompt to pop up in the right place. But once set up, it's solid. Webauthn / FIDO2 promise to make the set up flow easier, but I still have trouble with use. If blink could cleanly support the PKCS11 flows of key creation, use, and deletion, I'd just use that. Especially if I could do ed25519 :) |
Beta Was this translation helpful? Give feedback.
-
FWIW, it might be useful to consider if you want to make this decision based on implementation constraints or the user cohorts it will support.
I also want to caution on building a strategy that only works in future. Security devices tend to be sticky and have rollouts that are hard to coordinate. PKCS11 is old, but is alive and well in many places. I'd be surprised out of organizations that adopted u2f-only keys more than 50% will migrate to WebAuthn based ones within next 5 years(again, because there is no good interop on either server or client side and thus doing a mixed setup is a pain). |
Beta Was this translation helpful? Give feedback.
-
I have experience using WebAuthn/FIDO2 with ssh and using pgp keys via gpg. I have not used PIV, which I think is the thing Apple supports. I don’t understand why anyone would use U2F now that the FIDO2 standard is implemented in OpenSSH. I did not get the impression that it was very popular for anything other than website logins, although apparently GitHub uses it? I thought they updated to allow FIDO2/webauthn ssh keys? FIDO2 is great, as long as you have a client and server that supports it. My Mac ssh client did not support it. I have yet to see an active Linux distro that won’t support it in with at most an extra call to the package manager for an sk module. This is what Blink currently supports via the iOS security key system. It works pretty well! By cleverly naming the key, I was able to get the key on my Yubikey created by Blink to be discoverable by OpenSSH. Now I can use my Yubikey to get onto my servers from any linux box that will take the ssh-keygen -K command, and I only have to delete one key from all of my servers if I ever lose my Yubikey. The one thing I would like to be able to do is use keys already on my Yubikey in a new install of Blink, which would make getting a new iPad easier for me. I assume that is technically infeasible due to the iOS security key implementation, although you can share passkeys via iCloud, so I could be wrong. I also assume that is not a common need among power users who have a good workflow for adding keys to a server. I have also used my gpg auth key stored on my Yubikey for ssh authentication. This has the advantage that I think anyone with my public key can grant me access to a server without me having to send them a separate public key string. Also, I can quickly set up ssh access to servers from a new computer without moving public key strings around. The disadvantage is that it’s hard to set up. Once you know how, it only takes a minute, but you have to change environment variables and set up the gpg agent to interface with ssh. It’s a bad user experience, but it was my best option pre-2020 before anything supported FIDO2. |
Beta Was this translation helpful? Give feedback.
-
Is it possible to interoperability with WebAuthn and U2F? I needs to more dig up.. It seems like CTAP1 and CTAP2 token can be converted each other: https://medium.com/webauthnworks/verifying-fido-u2f-attestations-in-fido2-f83fab80c355 |
Beta Was this translation helpful? Give feedback.
-
I am having the same issue - I was able to recover the key on my Mac, was able to ssh from macOS using FWIW: Prompt 3 is able to use the same |
Beta Was this translation helpful? Give feedback.
-
I finally got some time to test everything one more time, connecting to both macOS and Linux, and including the flows to extract the keys on both macOS and Linux and I can attest from my side that this is working. HW: YubiKey 5C NFC and iPad Air (m1) and iPad Pro (m2). Still need to test on new iPhone. So I'm honestly surprised because I thought at one point the whole test would fail. I had a very old key from my last tests that I totally forgot about, but I was still able to use it to connect to my local computer. Then I created a different key with the "ssh:" prefix so that, as mentioned before, OpenSSH will identify it and extract it. I proceeded to extract the key on the Mac using ssh-keygen -K as mentioned by @Tahpo2:
On Linux. Same story, but working out of the box. All the machines are able to connect to each other using the same Yubikey generated by Blink. So that's the state of things as of today. |
Beta Was this translation helpful? Give feedback.
-
I want to open a discussion for what our options supporting Security Key are. Please read and chime in. I want to make sure we have enough support behind a solution before moving development ahead on this again. If we have that, we could possibly have something for October.
This month we took a deep look at what is the current situation and what the opportunities here are. Long story short, SSH WebAuthn is still a bet on the future and during this year, support has not improved. But the good news are that we may have a different option going forward.
Requirements
Supporting sk-ecdsa and sk-ed25519 on iOS / iPadOS
WebAuthn
This is our current approach. OpenSSH supports both U2F and WebAuthn. Although keys are identified the same, the signatures types different: Protocol info for sk-ssh-ed25519@openssh.com & webauthn-sk-ecdsa-sha2-nistp256@openssh.com. This is because the content of the signed blob, particularly the clientData, differs on both. WebAuthn is backwards compatible, but you cannot have a U2F server deal with a WebAuthn signature.
Although in the “web world” WebAuthn has phased out U2F, in the OpenSSH world it looks like U2F has received most of the backing. Ie. GitHub has adopted passkeys for web but still does not support them for ssh log in. We could try to be more active on getting it enabled in more places, but we don’t have much leverage.
WebAuthn is very cool though and it works through all keys. Synchronizing between devices should be straightforward as well. One limitation was the SSH Agent but this could be fixed, at least in the Blink Agent.
U2F
Then I looked into supporting U2F signatures through the Yubikey SDK. Unfortunately, the U2F application in Yubikey does not work over USB-C in the iOS SDK. It does support it over NFC and MFI (Lightning). Libfido2 works using PC/SC, which is not seem possible on iOS. A similar thing would be the Yubikey using SmartCard over USB-C, but that interface does not have U2F available in the device. I think the HID FIDO interface (which would be the useful one), is the one they used for WebAuthn but we cannot tap into it. Will try to reach out to Yubico on this, but please forward the question if you know anyone there.
If we want to be more flexible with the requirements, we could make it iPhone only with NFC, MFI, etc. This is what Termius does, but I do not think it is worth the effort. It would only work on Yubikeys, we would have to embed their SDK, etc… To solve the iPhone-only issue, we could maybe route log in requests from our agent to a nearby phone. I think this would be already too complicated.
Supporting PKCS11 on Smart Cards
iOS16 added Smart Card integration. This gave me the idea that we could do something like PKCS11 on OpenSSH (suggested by Yubikey on PIV section).
This seems even supported out of the box on macOS. I tried it and it took me a while to set it up, but it worked. I had to download all the Yubikey CLI tools, then install ssh from Homebrew so other libraries could be enabled, etc… https://apple.stackexchange.com/questions/448697/how-can-i-use-my-yubikey-certificate-as-ssh-private-public-keys-on-macos
But people seems to be happy with it and even call it “easy”, “three-steps”: https://news.ycombinator.com/item?id=17683061. IMO, not as easy as it should be though and they have had their issues: Yubico/yubico-piv-tool#319. But it seems standard enough.
The good news is: I did a quick test and it would not be super hard to support. It seems like it would even check all the boxes in our requirements. And because in Blink we control the agent, it would actually be super easy and compatible with already installed keys, etc… It would work with ECDSA keys, ED25519, etc... It would easily work with certificates and they would actually be handled at the key level.
Hence the question, would this be the preferred solution? Is this the way everyone has been doing keys on the desktop all this time before sk-xxxx? Is this community and even company friendly (as it looks like)?
Leave your comments
Would be interesting to hear from people already doing this to figure out where each solution stands. Specially those who have more strict requirements (say certificates, etc...). Unfortunately there does not seem to be a one-size fits all and our options are even more reduced on iOS. I may have missed something as well, so please jump in.
Beta Was this translation helpful? Give feedback.
All reactions