diff options
| author | djm@openbsd.org <djm@openbsd.org> | 2020-05-11 02:11:29 +0000 |
|---|---|---|
| committer | Damien Miller <djm@mindrot.org> | 2020-05-27 10:09:18 +1000 |
| commit | 5a442cec92c0efd6fffb4af84bf99c70af248ef3 (patch) | |
| tree | 0f165a28427b38ca88f9c9ec03565fd402d5dec6 | |
| parent | ecb2c02d994b3e21994f31a70ff911667c262f1f (diff) | |
upstream: clarify role of FIDO tokens in multi-factor
authentictation; mostly from Pedro Martelletto
OpenBSD-Commit-ID: fbe05685a1f99c74b1baca7130c5a03c2df7c0ac
| -rw-r--r-- | PROTOCOL.u2f | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/PROTOCOL.u2f b/PROTOCOL.u2f index 917e669cd..fd4325b3a 100644 --- a/PROTOCOL.u2f +++ b/PROTOCOL.u2f | |||
| @@ -39,6 +39,13 @@ the key handle be supplied for each signature operation. U2F tokens | |||
| 39 | primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2 | 39 | primarily use ECDSA signatures in the NIST-P256 field, though the FIDO2 |
| 40 | standard specifies additional key types, including one based on Ed25519. | 40 | standard specifies additional key types, including one based on Ed25519. |
| 41 | 41 | ||
| 42 | Use of U2F security keys does not automatically imply multi-factor | ||
| 43 | authentication. From sshd’s perspective, a security key constitutes a | ||
| 44 | single factor of authentication, even if protected by a PIN or biometric | ||
| 45 | authentication. To enable multi-factor authentication in ssh, please | ||
| 46 | refer to the AuthenticationMethods option in sshd_config(5). | ||
| 47 | |||
| 48 | |||
| 42 | SSH U2F Key formats | 49 | SSH U2F Key formats |
| 43 | ------------------- | 50 | ------------------- |
| 44 | 51 | ||