OpenSSH adds support for the FIDO/U2F security keys

With OpenSSH, the internet’s most popular utility for managing remote servers has been added to support the FIDO/U2F protocol.

This means that as of OpenSSH is 8.2, released today, users can configure the hardware security key to authenticate over SSH to a remote server.

After the users log on to a server using a user name and a password, or an SSH authentication-certificate, they are required to have a FIDO/U2F-enabled USB or Bluetooth-or NFC-based security key, a second proof of identity.

With the help of a security that is currently considered to be one of the most powerful multi-factor authentication (MFA) methods are nowadays well-known.

With the help of the MFA, commonly referred to as 2FA (two factor authentication) is one of the easiest ways to prevent hackers from guessing or brute-forcing your SSH password, and the obtaining of control over your server.

Last year, Microsoft said that the company’s customers, which enabled the MFA to the respective Microsoft account blocked 99.9% of all account hacking attemptslet’s see how easy or difficult is the work of an MFA solution that it is today.

In a table below, published in October, Microsoft is ranked FIDO based hardware security keys by far the most secure MFD solution and it is the most difficult to crack.

Instructions on how to set up your first hardware security keys using the OpenSSH included in the OpenSSH suite 8.2 release notes here.