OpenSSH is a BSD/Linux implementation of SSH1 and SSH2 for encrypted terminal connections, tunneling and file transfers.It includes the sshd server, scp and sftp, and various utility tools such as ssh-add, ssh-agent, ssh-keysign, ssh-keyscan, ssh-keygen, and the sftp-server.
minor feature: This release contains some significant new features.FIDO/U2F Support.This release adds support for FIDO/U2F hardware authenticators to.OpenSSH. U2F/FIDO are open standards for inexpensive two-factorAuthentication hardware that are widely used for websiteAuthentication. In OpenSSH FIDO devices are supported by new publicKey types "ecdsa-sk" and "ed25519-sk", along with correspondingCertificate types.Ssh-keygen(1) may be used to generate a FIDO token-backed key, after.Which they may be used much like any other key type supported byOpenSSH, so long as the hardware token is attached when the keys areUsed. FIDO tokens also generally require the user explicitly authoriseOperations by touching or tapping them.Generating a FIDO key requires the token be attached, and will usually.Require the user tap the token to confirm the operation:ssh-keygen -t ecdsa-sk -f /.ssh/id_ecdsa_skGenerating public/private ecdsa-sk key pair.You may need to touch your security key to authorize key generation.Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk):Enter passphrase (empty for no passphrase):Enter same passphrase again:Your identification has been saved in /home/djm/.ssh/id_ecdsa_skYour public key has been saved in /home/djm/.ssh/id_ecdsa_sk.pub.This will yield a public and private key-pair. The private key file.Should be useless to an attacker who does not have access to thePhysical token. After generation, this key may be used like any otherSupported key in OpenSSH and may be listed in authorized_keys, addedto ssh-agent(1), etc. The only additional stipulation is that the FIDOToken that the key belongs to must be attached when the key is used.FIDO tokens are most commonly connected via USB but may be attached.Via other means such as Bluetooth or NFC. In OpenSSH, communicationWith the token is managed via a middleware library, specified by theSecurityKeyProvider directive in ssh/sshd_config(5) or theSSH_SK_PROVIDER environment variable fo