It seems that the SSH package in Golang may support SK keys. I would like to test if it's possible when I have some time.
https://github.com/search?q=repo%3Agolang%2Fcrypto%20SKED25519&type=code

from omnisshagent.

Is there any news on this topic yet?

from omnisshagent.

I am currently investigating how to use the SK key. The following is the progress of the check and TODO.

• The golang crypto/ssh library defines the structure for the SK key, but it doesn't seem to have an interface ready to use the SK key.
• OpenSSH uses the libfido2 library. How to use it from go?
  FIDO authenticator has several options.

TODO:

• Investigate how to use libfido2
• Investigate which FIDO authenticator options are necessary

from omnisshagent.

Basically I think the no-touch feature makes little sense with Yubikeys, then I can create a key and put it on an encrypted drive and only mount it when needed. The "more" security is then simply moot.

from omnisshagent.

You might be able to use ssh-sk-helper to your advantage.

https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html

Using FIDO2 Keys with Windows Subsystem for Linux (WSL) on Windows

In addition to a native SSH client, the Windows OpenSSH beta release also contains an SSH_SK_HELPER that can be used to bridge the host’s FIDO2 support to WSL. All of this configuration must be done from inside the WSL environment, and relies on the Windows environment to be working correctly.

from omnisshagent.

https://www.reddit.com/r/yubikey/comments/11bot5f/minimum_requirements_for_notouchrequired_ssh/

It seems there are various challenges in using the no-touch-required option to enable key usage without touching. The YubiKey5 I have on hand doesn't work well with Openssh v9.2.2.0p1-Beta.

from omnisshagent.