1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-25 16:22:43 +01:00

Add support for FIDO2-backed SSH keys

Summary:
U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication.

These keys are available since OpenSSH 8.2 (2020-02-14).

https://www.openssh.com/txt/release-8.2

https://security.stackexchange.com/q/240991/260234

Ref Q96

Test Plan: Check the added keys. They exactly match the output of the command 'ssh -Q key'.

Reviewers: O1 Blessed Committers, antonia, avivey

Reviewed By: O1 Blessed Committers, antonia, avivey

Subscribers: avivey, tobiaswiese, Matthew, Cigaryno

Differential Revision: https://we.phorge.it/D25508
This commit is contained in:
Valerio Bozzolan 2024-01-08 19:07:34 +01:00
parent d92ed9ce0c
commit 6fe942a8f9

View file

@ -55,11 +55,15 @@ final class PhabricatorAuthSSHPublicKey extends Phobject {
list($type, $body, $comment) = $parts;
// The only goal is to prevent user error by nonsense input.
// This is just a meaningful subset from 'ssh -Q key'.
$recognized_keys = array(
'ssh-dsa',
'ssh-dss',
'ssh-rsa',
'ssh-ed25519',
'sk-ssh-ed25519@openssh.com',
'sk-ecdsa-sha2-nistp256@openssh.com',
'ecdsa-sha2-nistp256',
'ecdsa-sha2-nistp384',
'ecdsa-sha2-nistp521',