@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.)
hq.recaptime.dev/wiki/Phorge
phorge
phabricator
Add support for FIDO2-backed SSH keys
Summary:
U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication.
These keys are available since OpenSSH 8.2 (2020-02-14).
https://www.openssh.com/txt/release-8.2
https://security.stackexchange.com/q/240991/260234
Ref Q96
Test Plan: Check the added keys. They exactly match the output of the command 'ssh -Q key'.
Reviewers: O1 Blessed Committers, antonia, avivey
Reviewed By: O1 Blessed Committers, antonia, avivey
Subscribers: avivey, tobiaswiese, Matthew, Cigaryno
Differential Revision: https://we.phorge.it/D25508
+4
+4
src/applications/auth/sshkey/PhabricatorAuthSSHPublicKey.php
+4
src/applications/auth/sshkey/PhabricatorAuthSSHPublicKey.php
···
55
55
56
56
list($type, $body, $comment) = $parts;
57
57
58
+
// The only goal is to prevent user error by nonsense input.
59
+
// This is just a meaningful subset from 'ssh -Q key'.
58
60
$recognized_keys = array(
59
61
'ssh-dsa',
60
62
'ssh-dss',
61
63
'ssh-rsa',
62
64
'ssh-ed25519',
65
+
'sk-ssh-ed25519@openssh.com',
66
+
'sk-ecdsa-sha2-nistp256@openssh.com',
63
67
'ecdsa-sha2-nistp256',
64
68
'ecdsa-sha2-nistp384',
65
69
'ecdsa-sha2-nistp521',