←back to thread

Sign arbitrary data with your SSH keys

(www.agwa.name)
637 points h1x | 3 comments | 13 Nov 21 09:13 UTC | HN request time: 0.465s | source
1. csomar ◴[13 Nov 21 10:18 UTC] No.29208799[source]
Ledger/Trezor have solved this since ~2016. I have a Ledger that has a private key inside and using a small open source tool (https://github.com/romanz/trezor-agent) I can SSH into machines, sign random data and Github commits and FIDO authenticate into several websites. All of that and knowing that these devices offer some of the best security out there.
replies(2): >>29208982 #>>29209129 #
2. johnyzee ◴[13 Nov 21 11:06 UTC] No.29208982[source]
Hardware devices like the crypto wallets are a pretty good solution (no pun intended), imho. Both very convenient and very secure. I like the minimalism of something like the Trezor, no battery, tiny B/W display and two hardware buttons. Plug in, click button to confirm signing, done.
3. stavros ◴[13 Nov 21 11:40 UTC] No.29209129[source]
FIDO2 is even better because SSH supports it natively, so there's no setup at all.