patch to userdir-ldap to accomodate yubikey generated ssh keys
In 2020, OpenSSH 8.2 was released which supports FIDO (Fast Identity
Online) security keys. The public key type is used by hardware tokens,
such as (but not limited to) Yubikeys, to generate a 'security key' (sk)
public key of either ecdsa-sk
or ed25519-sk
key pairs.
The ed25519-sk
key type is only supported by new Yubikeys with firmware 5.2.3
or higher, which supports FIDO2. Keys with firmware below that version are only
compatible with ecdsa-sk
key types.
I've patched[0] userdir-ldap to support these keytypes, so that debian users can add and use them.
This change builds on a previous change (caa57689) which added support
for ecdsa-sha2-nistp256 keys, by also allowing for the sk-
prefix for
public keys.
Ssh public keys generated on a security token will look like one of the following: