FIDO authentication

Christian Weisgerber naddy at mips.inka.de
Wed Jun 3 15:20:10 UTC 2020


On 2020-05-27, Robert Huff <roberthuff at rcn.com> wrote:

> 	Various sites are reporting the FIDO Alliance
> ("https://www.fidoalliance.org") has announced a major common
> authentication initiative support by (/inter alia/) Google, Microsoft, 
> and Apple.
> 	I'm assuming this requires some level of OS support; is anyone in
> the FreeBSD community aware of/interested in this?

I depends on where you want to make use of this type of authentication.

At the application level, you only need access to uhid(4) devices.
You can install the security/u2f-devd port and add the user to group
u2f.  That is enough to use basic U2F (FIDO1) support in Firefox.

uhid1 on uhub0
uhid1: <Yubico Security Key by Yubico, class 0/0, rev 2.00/5.12, addr 19> on usbus0

Works fine for me at
https://demo.yubico.com/

OpenSSH 8.2 has added support for U2F/FIDO hardware authenticators:
https://www.openssh.com/txt/release-8.2
I haven't checked to what degree the security/openssh-portable port
supports this.

-- 
Christian "naddy" Weisgerber                          naddy at mips.inka.de


More information about the freebsd-questions mailing list