{"id":28502867,"url":"https://github.com/psmiraglia/openssh-u2f-solokeys","last_synced_at":"2025-10-12T12:03:42.416Z","repository":{"id":92890860,"uuid":"246085961","full_name":"psmiraglia/openssh-u2f-solokeys","owner":"psmiraglia","description":"Implement FIDO U2F in OpenSSH with SoloKeys","archived":false,"fork":false,"pushed_at":"2020-03-09T16:28:56.000Z","size":4,"stargazers_count":22,"open_issues_count":0,"forks_count":2,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-07-05T12:44:25.689Z","etag":null,"topics":["fido-u2f","openssh","solokeys"],"latest_commit_sha":null,"homepage":null,"language":"Dockerfile","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/psmiraglia.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2020-03-09T16:25:17.000Z","updated_at":"2025-03-13T14:37:00.000Z","dependencies_parsed_at":null,"dependency_job_id":"1da13f27-65b0-465b-9a16-f8ea8e5bc146","html_url":"https://github.com/psmiraglia/openssh-u2f-solokeys","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/psmiraglia/openssh-u2f-solokeys","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psmiraglia%2Fopenssh-u2f-solokeys","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psmiraglia%2Fopenssh-u2f-solokeys/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psmiraglia%2Fopenssh-u2f-solokeys/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psmiraglia%2F
openssh-u2f-solokeys/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/psmiraglia","download_url":"https://codeload.github.com/psmiraglia/openssh-u2f-solokeys/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psmiraglia%2Fopenssh-u2f-solokeys/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279011278,"owners_count":26084928,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-12T02:00:06.719Z","response_time":53,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["fido-u2f","openssh","solokeys"],"created_at":"2025-06-08T16:38:22.807Z","updated_at":"2025-10-12T12:03:42.411Z","avatar_url":"https://github.com/psmiraglia.png","language":"Dockerfile","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Implement FIDO U2F in OpenSSH with SoloKeys\n\nAccording to the [release notes](https://www.openssh.com/txt/release-8.2),\nOpenSSH 8.2 introduces support for\n[FIDO Universal 2nd Factor (U2F)](https://fidoalliance.org/specifications).\n[SoloKeys](https://solokeys.com) are FIDO2 security keys, so why not use\nthem to test the new OpenSSH feature?\n\n**Note:** The tutorial assumes as its starting point a minimal fresh\ninstallation of Ubuntu 18.04 and a Solo key with firmware version 3.1.2.\n\n## Dependencies\n\nInstall dependencies to build OpenSSH from 
sources\n\n    $ sudo apt-get install build-essential libcbor-dev libssl-dev zlib1g-dev\n\nInstall [`libfido2`](https://github.com/Yubico/libfido2)\n\n    $ sudo apt-add-repository ppa:yubico/stable\n    $ sudo apt update\n    $ sudo apt-get install libfido2-dev libfido2-udev\n\n## Build OpenSSH\n\nGet the sources\n\n    $ wget https://openbsd.mirror.garr.it/pub/OpenBSD/OpenSSH/portable/openssh-8.2p1.tar.gz\n    $ tar zxvf openssh-8.2p1.tar.gz\n    $ cd openssh-8.2p1\n\nBuild and install OpenSSH under `/home/user/openssh`\n\n    $ ./configure --prefix=/home/user/openssh --with-security-key-builtin\n    $ make\n    $ make install\n\nVerify the installation\n\n    $ ~/openssh/bin/ssh -V\n    OpenSSH_8.2p1, OpenSSL 1.1.1  11 Sep 2018\n\n## Generate a keypair\n\nGenerate an ECDSA keypair\n\n    $ ./openssh/bin/ssh-keygen -vvvv -t ecdsa-sk -C \"My Solo Key\"\n    Generating public/private ecdsa-sk key pair.\n    You may need to touch your authenticator to authorize key generation.\n    debug3: start_helper: started pid=12093\n    debug3: ssh_msg_send: type 5\n    debug1: start_helper: starting /home/user/openssh/libexec/ssh-sk-helper\n    debug3: ssh_msg_recv entering\n    debug1: sshsk_enroll: provider \"internal\", device \"(null)\", application \"ssh:\", userid \"(null)\", flags 0x01, challenge len 0\n    debug1: sshsk_enroll: using random challenge\n    debug1: ssh_sk_enroll: using device /dev/hidraw1\n\n    (...press your Solo key...)\n\n    debug3: ssh_sk_enroll: attestation cert len=775\n    debug1: ssh-sk-helper: reply len 1102\n    debug3: ssh_msg_send: type 5\n    debug3: reap_helper: pid=12093\n    Enter file in which to save the key (/home/user/.ssh/id_ecdsa_sk):\n    Enter passphrase (empty for no passphrase):\n    Enter same passphrase again:\n    Your identification has been saved in /home/user/.ssh/id_ecdsa_sk\n    Your public key has been saved in /home/user/.ssh/id_ecdsa_sk.pub\n    The key fingerprint is:\n    
SHA256:diHAp8OzNzFDfTr+kLu4RTpSlYggDx7SjF1FdJsJWFY SoloKeys\n    The key's randomart image is:\n    +-[ECDSA-SK 256]--+\n    |.=+.oBO.E.       |\n    |.o+=.o.=o=...    |\n    |  . ...+* +o     |\n    |      = +oo.     |\n    |       +S=oo     |\n    |      .oo++      |\n    |      ..o..+     |\n    |       . +. .    |\n    |        o...     |\n    +----[SHA256]-----+\n\nAppend the pubkey to the `authorized_keys` file\n\n    $ cat .ssh/id_ecdsa_sk.pub \u003e\u003e .ssh/authorized_keys\n\n## Run the demo\n\nRun the `sshd` daemon in foreground (`-D`) with debug mode enabled (`-d`) and\nbound to an alternative port (`-p 2222`)\n\n    $ /home/user/openssh/sbin/sshd -d -D -p 2222\n    debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1  11 Sep 2018\n    debug1: private host key #0: ssh-rsa SHA256:/Suom4amAqBzq7sN0qbDgsum6/owzbfyvavlt1Y116s\n    debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:7bYdBHpS3hz+GT5VXakyE++zaKiTzVnbywKkA6SXpCE\n    debug1: private host key #2: ssh-ed25519 SHA256:EtA3mECbpO4aRTFr0Af08MVGw7cu9AG8Q6pWDuBN670\n    debug1: setgroups() failed: Operation not permitted\n    debug1: rexec_argv[0]='/home/user/openssh/sbin/sshd'\n    debug1: rexec_argv[1]='-dD'\n    debug1: rexec_argv[2]='-p'\n    debug1: rexec_argv[3]='2222'\n    debug1: Set /proc/self/oom_score_adj from 0 to -1000\n    debug1: Bind to port 2222 on 0.0.0.0.\n    Server listening on 0.0.0.0 port 2222.\n    debug1: Bind to port 2222 on ::.\n    Server listening on :: port 2222.\n\nAlternatively, you can build and run a Docker image that implements an\nOpenSSH server\n\n    $ cd server\n    $ cat .ssh/id_ecdsa_sk.pub \u003e\u003e rootfs/root/.ssh/authorized_keys\n    $ sudo docker build --tag myssh .\n    $ sudo docker run -t --rm --name myssh -p 2222:2222 myssh\n    debug1: sshd version OpenSSH_8.2, OpenSSL 1.1.1d  10 Sep 2019\n    debug1: private host key #0: ssh-rsa SHA256:z/oEq7K935t9dJ2uDMAELeXFloO0ubYp2zA+oLbLLac\n    debug1: private host key #1: ecdsa-sha2-nistp256 
SHA256:1X/seu5/F4YYXlwz4d/arqBisR0iE9jXFKzeypzgqgM\n    debug1: private host key #2: ssh-ed25519 SHA256:FT9DIarCeG5p9+1FYSsxXLwmI3wN3jOK+ImjU8oT9PE\n    debug1: rexec_argv[0]='/usr/sbin/sshd'\n    debug1: rexec_argv[1]='-Dd'\n    debug1: Set /proc/self/oom_score_adj from 0 to -1000\n    debug1: Bind to port 2222 on 0.0.0.0.\n    Server listening on 0.0.0.0 port 2222.\n    debug1: Bind to port 2222 on ::.\n    Server listening on :: port 2222.\n\nOpen another terminal and try to log in\n\n    $ ./openssh/bin/ssh -l user -p 2222 -i .ssh/id_ecdsa_sk localhost\n    Confirm user presence for key ECDSA-SK SHA256:diHAp8OzNzFDfTr+kLu4RTpSlYggDx7SjF1FdJsJWFY\n\n    (...press your Solo key...)\n\n    Last login: Mon Mar  2 17:30:37 2020 from ::1\n    Environment:\n      USER=user\n      LOGNAME=user\n      HOME=/home/user\n      PATH=/usr/bin:/bin:/usr/sbin:/sbin:/home/user/openssh/bin\n      MAIL=/var/mail/user\n      SHELL=/bin/bash\n      TERM=xterm-256color\n      SSH_CLIENT=::1 47732 2222\n      SSH_CONNECTION=::1 47732 ::1 2222\n      SSH_TTY=/dev/pts/3\n\nEnjoy SoloKeys, OpenSSH and FIDO2 U2F!!!\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsmiraglia%2Fopenssh-u2f-solokeys","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsmiraglia%2Fopenssh-u2f-solokeys","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsmiraglia%2Fopenssh-u2f-solokeys/lists"}