Hi Nick, 1. Yubikey - SSH We use USB-C v5 Yubkikey's for 2fa. And we create based on ed25519 - "sk" key's. When I enter my public "sk-ed25519" SSH key in the "ssh" connection profile, it doesn't establish the SSH connection.
The SK variants (ECDSA-SK and Ed25519-SK) provide hardware-backed options generated with ssh-keygen -t ecdsa-sk or -t ed25519-sk. In OpenSSH FIDO devices are supported by new public key types "ecdsa-sk" and "ed25519-sk", along with corresponding certificate types. FIDO/U2F Support This release adds support for FIDO/U2F hardware authenticators to OpenSSH. U2F/FIDO are open standards for inexpensive two-factor authentication hardware that are widely used for website authentication. In OpenSSH FIDO devices are supported by new public key types "ecdsa-sk" and "ed25519-sk", along with corresponding certificate types. thanks.... Thomas Nick Couchman <[email protected]> schrieb am Sonntag, 25. Januar 2026 um 19:54: > On Sun, Jan 18, 2026 at 12:43 PM IT-Thirty [email protected] wrote: > > > Hello, > > > > I have two questions or requirements. > > > > 1. SSH > > We only use YubiKeys for SSH access to Linux. > > The SSH keys are called "sk_ed25519". > > > > Unfortunately, I can't get it to work when I try to access my Linux system > > via SSH using Guacamole. > > ED25519 without "sk" works. > > > I'm not sure I get what you mean, here? Can you clarify the > configurations that work and those that don't? Could you also clarify > what it means when you say it doesn't work? Behavior? Log messages? > > > 2. WebGUI 2FA > > Currently, we have "totp" and "Duo". > > Will "WebAuthn" be added via YubiKey? > > Thanks... > > > I do not know of any efforts currently to add this. That said, my > understanding is that YubiKey is just a hardware-based certificate, > and Guacamole does have a SSO SSL module, so it may be possible to use > that? It might require some further code modification, but I would > imagine it's possible, I just don't know of anyone working on it at > the moment. > > -Nick
