Use FIDO2 key as SSH host key?
-
[email protected]replied to [email protected] last edited by
https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
I followed this guide and it works fine for me, macOS client.
-
[email protected]replied to [email protected] last edited by
Not quite the same thing, but there's a project that lets you use TPM to protect your host keys: https://github.com/Foxboron/ssh-tpm-agent
-
[email protected]replied to [email protected] last edited by
I possibly should put greater emphasis on the fact that I am talking about the host key, not the client key. This guide is for a client identity key. I am talking about host keys as you find in /etc/ssh/ssh_host_ed25519, etc.
-
[email protected]replied to [email protected] last edited by
Can you explain to me the workflow you have envisioned for the host identity key in /etc/ssh being keyed off a FIDO2 secure element? You plug a secure element into a server?
-
[email protected]replied to [email protected] last edited by
Yeah, the rough idea is to use any old FIDO2 key as a USB HSM. Not necessarily looking for a very practical solution (the easy fix would be to just encrypt the drive), but curious.
What inspired this, though not necessarily the final application, is Nix secret distribution tools that use the host key as the secret recipient. This means that theoretically if you have the host identity tied to an external HSM or similar you could have the same image deploy as different machines based on what security key you have plugged in.
-
[email protected]replied to [email protected] last edited by
Fair enough.
Do a dry run for a CLIENT key, make sure you have the libfido2 middleware installed and working. Ensure you have set your sshd_config file properly with no-touch-required.
From the documentation: "Note: not all tokens support disabling the touch requirement." So do a test client side before banging your head on it.
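For the client-side dry run suggested above, an added example (not part of the original post or of OpenSSH) that reports whether sshd will insist on a touch for each FIDO key in an authorized_keys file. It relies on two documented settings, the `PubkeyAuthOptions` keyword in sshd_config and the `no-touch-required` option in authorized_keys; the function names and sample data are hypothetical, and `Match` blocks, `Include` files and backslash-escaped quotes are not handled.

```python
SK_TYPES = ("sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com")

def global_pubkey_auth_options(sshd_config):
    """Options from the first global PubkeyAuthOptions line (first value wins)."""
    for raw in sshd_config.splitlines():
        parts = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if not parts:
            continue
        if parts[0].lower() == "match":    # assumption: Match blocks are not evaluated
            break
        if parts[0].lower() == "pubkeyauthoptions":
            return {p.lower() for p in parts[1:]} - {"none"}
    return set()                           # keyword absent: default is "none"

def split_entry(entry):
    """Return (option names, key type) for one authorized_keys line, honouring quotes."""
    first = entry.split(None, 1)[0]
    if first in SK_TYPES or first.startswith(("ssh-", "ecdsa-")):
        return [], first                   # line has no options field
    opts, cur, quoted, i = [], "", False, 0
    while i < len(entry) and (quoted or not entry[i].isspace()):
        if entry[i] == '"':
            quoted = not quoted
        if entry[i] == "," and not quoted:
            opts.append(cur)
            cur = ""
        else:
            cur += entry[i]
        i += 1
    opts.append(cur)
    rest = entry[i:].split()
    return [o.split("=", 1)[0].lower() for o in opts if o], (rest[0] if rest else "")

def touch_policy(sshd_config, authorized_keys):
    """List (line number, verdict) for every FIDO (sk-*) key in authorized_keys."""
    forced = "touch-required" in global_pubkey_auth_options(sshd_config)
    verdicts = []
    for n, raw in enumerate(authorized_keys.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        names, keytype = split_entry(entry)
        if keytype in SK_TYPES:
            waived = "no-touch-required" in names and not forced
            verdicts.append((n, "touch waived" if waived else "touch required"))
    return verdicts
# Constructed sample input; the key blobs are placeholders, not real keys.
SAMPLE_SSHD = "PubkeyAuthOptions none\n"
SAMPLE_KEYS = """no-touch-required,command="echo a, b" sk-ssh-ed25519@openssh.com AAAAplaceholder1 ci
sk-ssh-ed25519@openssh.com AAAAplaceholder2 desk"""
```

A key reported as "touch required" will fail unattended logins even if it was generated with `ssh-keygen -O no-touch-required`, because the server-side waiver is missing or overridden.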
-
[email protected]replied to [email protected] last edited by
What type of key do you have? YubiKey 5 supports multiple protocols including some you can use with SSH:
- Multi-protocol: YubiKey 5 Series is the most versatile security key supporting multiple authentication protocols including FIDO2/WebAuthn (hardware bound passkey), FIDO U2F, Yubico OTP, OATH-TOTP, OATH-HOTP, Smart card (PIV) and OpenPGP.
SSH would need to implement webauthn to support FIDO.
-
[email protected]replied to [email protected] last edited by
I previously have had no issues using this as a client key, but honestly I wouldn't put it past myself to have picked the wrong key and not noticed. Maybe I will give it another try, but I don't think that's it.
-
[email protected]replied to [email protected] last edited by
Got the client working (mostly) without issues again, though trying to imitate my process for host keys as closely as possible I did encounter some weirdness that led me to this open bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3355
So that may be the source of my issues... If the keys I was using suddenly were secretly requiring touch, it would explain a lot.
I can't right now but I will do another experiment with host keys when I can.
Still would love to see if anyone else is able to reproduce this behaviour or get it working.
-
[email protected]replied to [email protected] last edited by
You don't want FIDO2 security tokens for that, use an OpenPGP applet (works with some Yubikeys and with many programmable smartcards)
-
[email protected]replied to [email protected] last edited by
FYI I got it working, please see the update above.
-
[email protected]replied to [email protected] last edited by
I am familiar with these alternatives. My experiment was specific in wanting FIDO2 and I ended up figuring out the issue. It was the intersection of a couple of weird behaviours that made debugging very confusing, but it works exactly as I expected it would once those are resolved. I guess we can consider this a proof of concept that you can indeed use FIDO2 tokens as an external SSH host key (though as I said below whether this is practically useful is another matter entirely).
-
[email protected]replied to [email protected] last edited by
That's awesome!
-
[email protected]replied to [email protected] last edited by
Unfortunately, I think you're going to run into trouble because fido authenticators are geared towards working as user authenticators rather than as device authenticators.
It certainly should be possible from a technical perspective, but implementation-wise, it's very likely that the code focuses on making fido devices work with client keys, and using tpms for host keys, since that's much more focused on headless server functionality. Oval peg in a round hole.
-
[email protected]replied to [email protected] last edited by
Your workaround is precisely why I said "more practical". Any updates to your tooling might break it because it's not an expected use case.
-
[email protected]replied to [email protected] last edited by
Looks like this happened:
OpenSSH server has had built-in support for WebAuthn keys since 8.2.
-
[email protected]replied to [email protected] last edited by
Been using this for a while - Yubico has a nice guide. Dunno why you struggled to find good info as I can just google «fido2 ssh» and use the top link.
-
[email protected]replied to [email protected] last edited by
Nah - storing cryptographic key pairs is a supported and valid use-case for fido2
-
[email protected]replied to [email protected] last edited by
It wasn't the crypto key pair part I was referring to, it was the part where fido is geared towards interactive user auth, not non-interactive storage.
It wouldn't have surprised me if the ssh devs hadn't put implementing fido support for host keys high in the development list, or that it was tricky to find documentation for. Using something like a tpm is the more typical method. There's no technical reason it can't work, and the op got it to work so clearly the implementation supports it, but that doesn't mean it's the most expected setup, which means it might have unexpected gaps in functionality or terrible documentation.
-
[email protected]replied to [email protected] last edited by
Yeah - I mistook it for user keys, not host. I'm guessing they used piv/smart-card and not fido, as fido is indeed made with interactive use in mind.