https://bugzilla.mindrot.org/show_bug.cgi?id=2319
--- Comment #6 from Michael Stapelberg <michael+mind...@stapelberg.de> --- (In reply to Damien Miller from comment #5) > (In reply to Michael Stapelberg from comment #3) > > (In reply to Damien Miller from comment #2) > > > I think it is best that you start with a description of the "u2f" > > > authentication method protocol - it's much better to review that the > > > protocol is sound before looking at the implementation. Could you > > > write this up? > > > > From that comment it sounds like there is some misunderstanding here > > :). > > > > U2F stands for Universal Second Factor, see also > > http://en.wikipedia.org/wiki/Universal_2nd_Factor > > > > You can find the protocol specification on > > http://fidoalliance.org/specifications/download/ > > > > I’ve done a presentation at our local computer club, you can find > > the slides here: > > https://www.noname-ev.de/w/File:C14h-u2f-how-security-keys-work.pdf > > — they contain a pretty high-level and easy to understand > > description of U2F. > > > > Is that what you were looking for? If not, let me know :). > > No, I'm looking for a description of what goes on the wire for SSH. > Like what RFC4252 does for the existing SSH authentication methods. Ah, I see. Here goes: When the client starts the u2f authentication, it sends: byte SSH_MSG_USERAUTH_REQUEST string user name in ISO-10646 UTF-8 encoding [RFC3629] string service name in US-ASCII string method name in US-ASCII uint32 U2F mode (authentication or registration) 1) In case the client requests registration, the server replies with: byte SSH2_MSG_USERAUTH_INFO_REQUEST string RegisterRequest Where RegisterRequest is specified in http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-registerrequest-members After sending 'RegisterRequest' to the U2F security key, the client sends back the security key’s response (see http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-registerresponse-members): byte SSH2_MSG_USERAUTH_INFO_RESPONSE string RegisterResponse Once the server verified the 'RegisterResponse' indeed signed the original challenge, it extracts the user’s U2F public key and sends back a ssh-u2f key line which the user should add to her authorized_keys file: byte SSH2_MSG_USERAUTH_INFO_REQUEST string authorizedKey 2) In case the client requests authentication, the server replies with: byte SSH2_MSG_USERAUTH_INFO_REQUEST string SignRequest After sending 'SignRequest' (see http://fidoalliance.org/specs/fido-u2f-v1.0-ps-20141009/fido-u2f-javascript-api-ps-20141009.html#dictionary-signrequest-members) to the U2F security key, the client sends back the security key’s response: byte SSH2_MSG_USERAUTH_INFO_RESPONSE string SignResponse The authentication is successful if the server successfully verifies that the signature on the 'SignResponse' was created with the formerly registered public key. As you can see, the protocol on the wire is fairly simple — I just follow the JavaScript API because that is what libu2f-host expects. Hope that helps, let me know if you have more questions. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs