BlackPropaganda · September 22, 2022 21:58
diff --git a/U2F_ssh_ecdsa.txt b/U2F_ssh_ecdsa.txt
 #
 # U2F SSH key generation and installation guide
 #

 # install U2F libraries on client machine
 sudo apt-get install pamu2fcfg libpam-u2f

 #
 # Currently, there are only two ciphers that support
 # 'special keys' or (sk) this is the notation in the
 # output of the 'ssh-keygen --help' command.
 #
 # The flipper only seems to support ecdsa-sk keys.
 #

 #
 # First, plug in your flipper, launch the U2F extension
 # and verify it's connected.
 #
 lsusb | grep U2F

 # the output should look a little like this:
 Bus 00x Device 00x: ID xxxx:xxxx STMicroelectronics U2F Token

 # To generate U2F-key pair ecdsa-sk id file:
 #
 ssh-keygen -t ecdsa-sk -f <output file>

 # once the command executes, ssh-keygen will hang until you
 # touch the center button of the flipper to register the key.
 #
 # the command output will look like this:
 You may need to touch your authenticator to authorize key generation.

 # once you tap the flipper, ssh-keygen will prompt for an x509 password
 # for the key, this is optional. After this, the key should be generated
 # to the output file specified in the parameter in ssh-keygen found above.
 #

 # to enable pubkey authentication, you must first login to the server via ssh
 # or login to it physically.
 ssh <user>@<target_host>

 # Once the key has been generated, enable pubkey authentication on the server
 # this is done by uncommenting a this line in /etc/ssh/sshd_config on the server:

 sudo vi /etc/ssh/sshd_config

 # or if you like nano ;)
 sudo nano /etc/ssh/sshd_config

 # uncomment this line in that file:

 #PubkeyAuthentication yes

 # create ~/.ssh inside of a desired users home directory on the server.
 mkdir ~/.ssh; touch ~/.ssh/authorized_keys

 # reset the ssh daemon on the server and go back to your host
 service sshd restart; exit

 # on your local host, register the generated ssh key using this command:
 ssh-copy-id -i id_ecdsa_sk.pub <user>@<target_host>

 # Then sign in with PAM, after this you are free to
 # login to your host with:

 ssh -i id_ecdsa_sk <user>@<target_host>
	#
	# U2F SSH key generation and installation guide
	#

	# install U2F libraries on client machine
	sudo apt-get install pamu2fcfg libpam-u2f

	#
	# Currently, there are only two ciphers that support
	# 'special keys' or (sk) this is the notation in the
	# output of the 'ssh-keygen --help' command.
	#
	# The flipper only seems to support ecdsa-sk keys.
	#

	#
	# First, plug in your flipper, launch the U2F extension
	# and verify it's connected.
	#
	lsusb \| grep U2F

	# the output should look a little like this:
	Bus 00x Device 00x: ID xxxx:xxxx STMicroelectronics U2F Token

	# To generate U2F-key pair ecdsa-sk id file:
	#
	ssh-keygen -t ecdsa-sk -f <output file>

	# once the command executes, ssh-keygen will hang until you
	# touch the center button of the flipper to register the key.
	#
	# the command output will look like this:
	You may need to touch your authenticator to authorize key generation.

	# once you tap the flipper, ssh-keygen will prompt for an x509 password
	# for the key, this is optional. After this, the key should be generated
	# to the output file specified in the parameter in ssh-keygen found above.
	#

	# to enable pubkey authentication, you must first login to the server via ssh
	# or login to it physically.
	ssh <user>@<target_host>

	# Once the key has been generated, enable pubkey authentication on the server
	# this is done by uncommenting a this line in /etc/ssh/sshd_config on the server:

	sudo vi /etc/ssh/sshd_config

	# or if you like nano ;)
	sudo nano /etc/ssh/sshd_config

	# uncomment this line in that file:

	#PubkeyAuthentication yes

	# create ~/.ssh inside of a desired users home directory on the server.
	mkdir ~/.ssh; touch ~/.ssh/authorized_keys

	# reset the ssh daemon on the server and go back to your host
	service sshd restart; exit

	# on your local host, register the generated ssh key using this command:
	ssh-copy-id -i id_ecdsa_sk.pub <user>@<target_host>

	# Then sign in with PAM, after this you are free to
	# login to your host with:

	ssh -i id_ecdsa_sk <user>@<target_host>