With OpenSSH, the Internet’s most popular utility for managing remote servers has been added to support the FIDO / U2F protocol.
This means that, starting with OpenSSH is 8.2, released today, users can configure the hardware security key to authenticate via SSH on a remote server.
After users log on to a server using a username and password or an SSH authentication certificate, they must have a USB or Bluetooth or NFC-based security key enabled for FIDO / U2F, a second proof of identity.
With the help of security currently considered one of the most powerful methods of multifactorial authentication (MFA), they are now well known.
With the help of MFA, commonly referred to as 2FA (two-factor authentication), it is one of the easiest ways to prevent hackers from guessing or brutally forcing your SSH password and gaining control over your server.
Last year, Microsoft said the company’s customers, who enabled MFA for their Microsoft account, blocked 99.9% of all account hacker attempts and saw how easy or difficult it is to work with a security solution. MFA that is today.
In a table below, published in October, Microsoft is classified as FIDO-based hardware security keys by far the most secure MFD solution and is the most difficult to break.
Instructions on how to configure your first hardware security keys using OpenSSH included in the OpenSSH suite 8.2 release notes here.