It depends upon your preference

Sometimes I want to see everything in the most beautiful rainbow colors that exist

I then invoke lolcat(6) in my SSH login string.

Then everything looks gorgeous!

@justine

#man #lolcat #ssh #login #string

OK, normally I have my shit wired together, but this bastard is getting to me.

The requirement is for 'phishing-resistant' second factor. That rules out all of the six-digit code apps - it is too easy apparently to get someone to read out their codes to an attacker.

Again, IDK, but apparently 'phishing-resistant' is the next Big Thing. My personal feeling? We are chasing our shadows. Unless I am the last alive Iranian nuclear bloke, my login is as secure as I can be bothered to make it, and I am bound to be disappointed by a weakness at some point in the near or far future. Phishing isn't on the agenda.

Life.

I carry a seemingly-fine cryptographic store about with me most days and ludicrously call it my 'phone'. It can sign stuff, wrangle certificates, store passwords, read faces and fingerprints and QRcodes and NFC tags. Heaps of useful 'security' stuff. I wouldn't call the software environment _secure_ at all, but ... IDK, people seem happy enough with it. Anything for an easy life. Row with the flow.

So I search for:
"google passkey login with ssh"
My god, whatalottasloppa comes back. A gattling gun of half-arsery, cant and junk advice.
Then "MS hello for business login ssh". Christ almighty. Much worse. Worse again.
Then "Apple ID login to ssh". At least that seems to be a simple: "no". A relief really.

Someone in the know please: can I set up my sshd to use my phone-based passkey as a; primary, secondary or even the complete, login?

#TOTP #HOTP #passkey #sshd #key #certificates #PSK #login #ssh #linux #pam #openssh