Here’s excellent news for sysadmins. You can now use a physical security key as hardware-based two-factor authentication to securely log in to a remote system via the SSH protocol.
OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) protocol, yesterday announced version 8.2 of the software, which primarily includes two significant new security enhancements.
First, OpenSSH 8.2 added support for FIDO/U2F hardware authenticators; second, it has deprecated the SSH-RSA public key signature algorithm and plans to disable it by default in future versions of the software.
Hardware security devices based on the FIDO (Fast Identity Online) protocol are stronger and fool-proof mechanisms for authentication because they use public-key cryptography to protect against advanced malware, phishing, and man-in-the-middle attacks.
“In OpenSSH, FIDO devices are supported by new public key types ‘ecdsa-sk’ and ‘ed25519-sk’, along with corresponding certificate types,” the OpenSSH 8.2 release note says.
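As an added example (not from the article or the OpenSSH project), the Python code below audits `authorized_keys` entries to show which are FIDO-backed and which use the `ssh-rsa` key type. It assumes the on-disk type names `sk-ssh-ed25519@openssh.com` and `sk-ecdsa-sha2-nistp256@openssh.com` and the key blob layout from OpenSSH's PROTOCOL.u2f; the sample lines are constructed with dummy key material, and the category labels are hypothetical.

```python
import base64
import struct

# Type name -> number of wire strings between the type and the FIDO application
# (ed25519-sk: pubkey; ecdsa-sk: curve name + point). Assumed from PROTOCOL.u2f.
SK_TYPES = {"sk-ssh-ed25519@openssh.com": 1, "sk-ecdsa-sha2-nistp256@openssh.com": 2}

def read_string(buf, off):
    """Read one SSH wire string (uint32 big-endian length + bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated string")
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify(line):
    """Return (key_type, category, fido_application) for one authorized_keys line."""
    fields = line.split()
    for i in range(len(fields) - 1):  # options may precede the key type
        try:
            blob = base64.b64decode(fields[i + 1], validate=True)
            inner, off = read_string(blob, 0)
        except ValueError:
            continue
        if inner != fields[i].encode():
            continue  # the type field must match the type embedded in the blob
        ktype = fields[i]
        if ktype in SK_TYPES:
            for _ in range(SK_TYPES[ktype]):
                _, off = read_string(blob, off)
            app, _ = read_string(blob, off)
            return ktype, "hardware-backed", app.decode()
        # An "ssh-rsa" key can still sign with rsa-sha2-256/512, so flag for review only.
        return ktype, "review-rsa" if ktype == "ssh-rsa" else "software", None
    raise ValueError("no key found in line")

def _line(ktype, *parts):
    """Build a constructed authorized_keys line with dummy key material."""
    blob = b"".join(struct.pack(">I", len(p)) + p for p in (ktype.encode(), *parts))
    return f"{ktype} {base64.b64encode(blob).decode()} constructed@example"

SAMPLE = [  # constructed entries, not real keys
    _line("sk-ssh-ed25519@openssh.com", bytes(32), b"ssh:"),
    "no-port-forwarding " + _line("sk-ecdsa-sha2-nistp256@openssh.com",
                                  b"nistp256", b"\x04" + bytes(64), b"ssh:"),
    _line("ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xff" * 256),
    _line("ssh-ed25519", bytes(32)),
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
```
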