Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > General

Reply
 
Thread Tools Display Modes
  #1  
Old 12-14-2019, 09:55 PM
zibadun zibadun is offline
Registered User
 
Join Date: Dec 2017
Posts: 7
Authentication with U2F or FIDO2 devices

I was wondering if there are any thoughts about support of U2F protocol in SecurCRT to allow SSH logins using hardware tokens (such us Thetis FIDO https://www.amazon.com/Thetis-Univer.../dp/B06XHTKFH3 ).

These tokens contain a 256 bit EC key and provide a protocol for secure ECDSA signing. I was able to extract the public key from my token using simple python program. Seems that this could provide a secure and convenient logins.
Reply With Quote
  #2  
Old 12-15-2019, 12:33 PM
bgagnon bgagnon is offline
VanDyke Technical Support
 
Join Date: Oct 2008
Posts: 4,322
Hi Zibadun,

We have many customers using recent versions of SecureCRT for CAC/PIV (MFA/U2F) authentication to devices/systems.

See this post about smartcard authentication.

Now I do not know that we have had anyone specifically report getting SecureCRT to work with Fido so I have added this thread to a feature request in our product enhancement database to add support for FIDO U2F authentication. Should a future release of SecureCRT include this feature, notification will be posted here.

If you prefer direct email notification, send an email to support@vandyke.com and include Feature Request - Forum Thread #14009 in the subject line or use this form from the support page of our website.
__________________
Thanks,
--Brenda

VanDyke Software
Technical Support
support@vandyke.com
(505) 332-5730

Last edited by bgagnon; 12-15-2019 at 12:52 PM. Reason: added a word for clarifiaction
Reply With Quote
  #3  
Old 12-15-2019, 09:58 PM
zibadun zibadun is offline
Registered User
 
Join Date: Dec 2017
Posts: 7
Hi Brenda

Yes, I'm familiar with the SecureCRT CAPI auth and we use that at work to login with the PIV cards. It works great!

U2F is an alternative, recently added to openssh-portable. I believe the short Key ID is stored in place of the private which is passed to a FIDO device in order to derive the private key. A couple of links with the info:

https://undeadly.org/cgi?action=arti...20191115064850
https://schulz.dk/2019/11/04/openssh...for-u2f-fido2/

Thank you for considering this.
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 02:35 PM.