If you have got the following very specific thing to work, please let me know how!
ssh, using ed25519-sk or ecdsa-sk, with a YubiKey with FIDO2, on Android (specifically GrapheneOS), with a Free software client
My tinkering with termux has, so far, failed.
A few weeks ago I finally changed my #SSH key(s) on my #YubiKey(s) from the old PIV function to a #FIDO2 key using @jgoerzen 's excellent guide: https://www.complete.org/easily-using-ssh-with-fido2-u2f-hardware-security-keys/
It is so much better! It does not regularly fail, the credentials in the ssh-agent don't need re-adding on any failed auth. The flow of when I forgot the ssh-add call is so much better as you can just type the password. And while my keys are too old to support ed25519 at least it's no longer a short RSA.
A lot of new hardware security keys (Yubikey, Nitrokey, Titan, etc.) now support FIDO2 (aka U2F aka Webauthn aka Passkey; yes it’s a mess). So does OpenSSH. This spells good news for us, because it is far easier to use than previous hardware security types (eg, PKCS#11 and OpenPGP) with ssh. A key benefit of all this, if done correctly, is that it is actually impossible to access the raw SSH private key, and impossible to use it without the presence of the SK and a human touching it.
А сейчас какие-то ключи для двухфакторки возможно в Россию заказать не за сотни денег?
Хотя бы до 4 тыр, ну или какие сейчас цены на них.
Я вообще в этой теме не шарю.
Yubikey 5 стоит в районе 8 тыр, Yubikey SK стоит 4 тыр. ХЗ чем они различаются.
Я пробовал подобное с флиппером делать, но там файлик с флешки спереть как нефиг. делать
Neil Brown
Websplaining
Xyphoid process
Floris Bruynooghe
Раджа