Skip to content

Fix server-side authentication with FIDO/U2F sk-* keys#809

Merged
tomaswolf merged 2 commits into
apache:masterfrom
tomaswolf:sk-keys
Aug 27, 2025
Merged

Fix server-side authentication with FIDO/U2F sk-* keys#809
tomaswolf merged 2 commits into
apache:masterfrom
tomaswolf:sk-keys

Conversation

@tomaswolf

@tomaswolf tomaswolf commented Aug 27, 2025

Copy link
Copy Markdown
Member

Respect server-side attributes that may be set in an authorized_keys file: no-touch-required and verify-required. These flags exist only server-side; the public keys received in an SSH_MSG_USERAUTH packet do not have them.

  • Ensure that we do not consider these flags when matching public keys received against the authorized_keys file.
  • Ensure that for signature verification, we do use a key that does carry these flags (i.e., created from the matching AuthorizedKeyEntry) so that we can properly check the flags in the signature.

Also throw an exception if there is bogus trailing data after the signature in the packet.

The public keys the server receives on the wire do not have any
flags that may be defined in authorized_keys. Therefore the
AuthorizedKeyEntriesPublickeyAuthenticator must not include the
flags in the keys used for the comparison.
Server-side, authorized_keys may define flags that are relevant for
signature verification of sk-* FIDO/U2F keys: no-touch-required and
verify-require. UserAuthPublicKey must therefore use the key from the
authenticator, which includes these flags, and not the key received on
the wire, which doesn't have them.

Also be more strict about trailing garbage after the signature.
@tomaswolf tomaswolf merged commit 80fc45f into apache:master Aug 27, 2025
7 checks passed
@tomaswolf tomaswolf deleted the sk-keys branch August 27, 2025 19:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant