Post AT98WbzMCzmnfSn5dY by smortex@mamot.fr
(DIR) Post #AT98WbzMCzmnfSn5dY by smortex@mamot.fr
2023-02-28T04:52:58Z
0 likes, 0 repeats
I updated my main system from #FreeBSD 13.1-RELEASE to 13.2-BETA3 which includes fixes in the USB stack (bin/263995) that basically prevented usage of #ssh ed25519-sk keys (those relying on hardware security keys, e.g. #Yubikey). A whole new world is opening, one where you can forward your agent to remote systems you only marginally trust and where #sudo can be configured to use this forwarded SSH agent to authorize users. w00t!
(DIR) Post #AT98WcSmRbK18iYaUy by feld@bikeshed.party
2023-02-28T18:21:18.246519Z
0 likes, 0 repeats
But I've been using my ssh keys on my yubikeys for years with no problems on FreeBSD? What special weird mode is this? I'm using the smartcard functionality and gpg-agent
(DIR) Post #AT9Af6FJnPAVjbQou8 by smortex@mamot.fr
2023-02-28T18:27:25Z
0 likes, 0 repeats
@feld It is about using ed25519-sk / ecdsa-sk keys where the private key on disk is not enough to get access, and you need the associated Yubikey and a user interaction to confirm the operation (i.e. touch the key). https://undeadly.org/cgi?action=article;sid=20191115064850
(DIR) Post #AT9Af7HTwqUewbS3uq by feld@bikeshed.party
2023-02-28T18:45:10.341482Z
0 likes, 0 repeats
I see. With my method the private key is on your yubikey and you need to touch it to use it.