Newer OpenSSH clients and servers can use FIDO2-augmented private keys (these are the key types like ed25519-sk). Basically you have a normal keypair stored on the client device, plus the server requires passing a FIDO2 challenge against the YubiKey.
I've already ssh'd to my work machine. I want to send an HTTP request to my company's internal web API from that machine, but we only use WebAuthn credentials. I'm going to use curl to send the request to the web API. With basic username/password auth or TOTP it's easy for me to write a script that prompts me for my password/TOTP code and marshals it into the expected format. How do I do this with my FIDO2 private key in a way that doesn't completely undermine the whole process?
Doesn't this only solve the problem for resources I am accessing over SSH? What about if I wanted to access something over HTTP like my web browser does?
johncolanduoni|2 years ago
pipe_connector|2 years ago
deng|2 years ago
pipe_connector|2 years ago
visualphoenix|2 years ago
pipe_connector|2 years ago