GitHub 支援 SSH 使用 Security Key 了
source link: https://blog.gslin.org/archives/2021/05/13/10153/github-%e6%94%af%e6%8f%b4-ssh-%e4%bd%bf%e7%94%a8-security-key-%e4%ba%86/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
GitHub 支援 SSH 使用 Security Key 了
GitHub 宣佈支援使用 security key 的 SSH key 操作了:「Security keys are now supported for SSH Git operations」。
也就是需要 SSH key + security key 才有辦法認證,只有拿到 SSH key 或是 security key 都是沒有辦法認證過。
目前官方支援 ecdsa-sk 與 ed25519-sk:
Now you can use two additional key types: ecdsa-sk and ed25519-sk, where the “sk” suffix is short for “security key.”
不過在 Ubuntu 20.04 下用預設的系統只能支援 ecdsa-sk,因為 ed25519-sk 會遇到類似「ed25519 problem with libressl」這邊的問題,就算你用的是 OpenSSL。
然後生完 key 後在 ~/.ssh/config 裡面指定對 github.com 使用這把 key:
Host github.com
IdentityFile ~/.ssh/id_ecdsa_sk
接下來操作的時候就會需要碰一下 security key 了。
Related
OpenSSH 8.4 預設停用 ssh-rsa
前幾天 OpenSSH 8.4 釋出了:「Announce: OpenSSH 8.4 released」。 比較重要的改變是 ssh-rsa 預設變成停用,因為是使用 SHA-1 演算法的關係: It is now possible[1] to perform chosen-prefix attacks against the SHA-1 algorithm for less than USD$50K. For this reason, we will be disabling the "ssh-rsa" public key signature algorithm by default in a near-future release. 官方給了三個方案: The RFC8332…
October 3, 2020In "Computer"
GitHub 要求全面檢查 SSH Key
在 GitHub 被攻擊成功後 (參考 GitHub 官方所說的「Public Key Security Vulnerability and Mitigation」這篇),官方除了把漏洞修補完以外,接下來做了更積極的措施:暫停所有的 SSH key 存取權限,一律等到用戶 audit 確認過後才開放:「SSH Key Audit」。 這次 GitHub 除了修正問題、audit key 以外,另外還提出了新的機制讓用戶更容易發現異常存取行為,包括了: 新增 SSH public key 時要輸入密碼。 新增 SSH public key 成功後會寄信通知。 新增「Security History」頁面可以看到帳戶的安全狀況。 算是很積極補救的作法。 另外說明,要如何 audit key,也就是要如何取得你的 public key fingerprint: ssh-keygen -lf .ssh/id_rsa.pub (如果你是用 RSA) 或是 ssh-keygen -lf…
March 8, 2012In "Computer"
Author Gea-Suan LinPosted on May 13, 2021Categories Computer, Murmuring, Network, Security, Service, SoftwareTags ecdsa, ecdsa-sk, ed25519, ed25519-sk, fido, fido2, github, key, openssh, security, sk, ssh, ubuntu Leave a Reply Cancel reply
Your email address will not be published. Required fields are marked *
Comment
Name *
Email *
Website
Notify me of follow-up comments by email.
Notify me of new posts by email.
Post navigation
Recommend
-
46
I needed an SSH key. First I needed to the WSL subsystem, and once I had that working, I could do the work I needed to do: get an SSH key. There is a utility to help with this on Linux, called ssh-keygen. You run this at...
-
16
git clone 指定 ssh-key 其实我们往往会遇到这样一个问题 打个比方: 公司邮箱是:[email protected] 个人邮箱:[email protected] & [email protected] 我们分别有:公司git仓库 / github仓库...
-
32
最近在用git,感觉每次输入密码很不方便,想借助ssh key来实现(一种类似ssh命令中-i参数的机制)。现在问题解决了,这里总结下(从建库开始),也方便我以后查阅。 建立一个私有仓库 这里以test1目录示例:1、创建test1文件夹 ...
-
13
What’s in a SSH RSA key pair? You probably have your own closely guarded ssh key pair. Chances are good that it’s based on RSA, the default choice in ssh-keygen. RSA...
-
19
Introduction If you are using SSH keys with Git to clone and pull your repositories, you may have to manage several SSH keys. For example, it is common to setup a "deploy key" in GitHub (Repository | Settings | Deploy Keys
-
18
還原被碼掉的 PEM 資訊 (SSH RSA key) 在「Recovering a full PEM Private Key when half of it is redacted」這邊看到的,起因是
-
12
设置Linux系统SSH-KEY访问方式设置 作者: wencst 分类: linux,Uncategorized 发布时...
-
5
GitHub SSH key 没生效的问题 2021 8 月 20 日 GitHub SSH key 没生效的问题 通过
-
7
By Nish Tahir — Sep 5, 2022 How to enable SSH Key Verification with Git...
-
6
GitHub 更換 github.com 的 SSH host key (RSA 部份) 看到 GitHub 宣佈更換 SSH key (
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK