Thanks for suggestion, I already have seen it and even contacted SSH developer Damien Miller regarding FIDO key support a few weeks ago.
What I am looking for right now is something different, it is if ssh-pkcs11-helper works with SSHD daemon on OpenBSD to store there its server private key in a general Nitrokey Pro 2 (not HSM). Btw, I am going to use several client side dongles at once for a single SSH session like Rutoken ECP2, FIDO2, and Nitrokey Pro 2 only on the server yet. > On Wed, May 13, 2020 at 12:59:26PM +0200, i...@aulix.com wrote: > >> Thanks for your suggestion, >> >> but googling for keys: +openbsd +nitrokey >> >> does not indicate anything interesting except a few of my own questions on >> the Nitrokey support forum. > > I had to look up "Nitrokey" to verify that it was what I thought it was, but > that had me > do a quick search for "OpenSSH FIDO support", which turned up among other > things this > article: https://undeadly.org/cgi?action=article;sid=20191115064850 as well > as a number > of blog posts and HOWTO-ish pieces that seem to indicate that quite likely > the combination > would work. > > I haven't tried the thing myself, but you should be able to find the same > stuff I did > on the web. Then you could probably find a way to test with an OpenBSD setup > in a way > that does not break things too horribly in case anything fails. > > All the best, > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
