Ssh >= 8.3 for FIDO resident key support

canatella · November 25, 2021, 9:28am

Hello,

I use my turris as an ssh gateway to login to my home network. I’d like to use my yubikey to secure authentication but it requires ssh >= 8.3. Any tricks how I could update the version ? It seems 8.4 is available on openwrt master but I have no idea if there is a way to replace my turris version with this one ?

EDIT: thanks for all your suggestions. I took a snapshot and installed the following package:
libcbor_0.8.0-1_arm_cortex-a9_vfpv3-d16.ipk
libevdev_1.12.0-1_arm_cortex-a9_vfpv3-d16.ipk
libfido2_1.6.0-1_arm_cortex-a9_vfpv3-d16.ipk
libudev-zero_1.0.0-1_arm_cortex-a9_vfpv3-d16.ipk
openssh-client-utils_8.4p1-4_arm_cortex-a9_vfpv3-d16.ipk
openssh-client_8.4p1-4_arm_cortex-a9_vfpv3-d16.ipk
openssh-keygen_8.4p1-4_arm_cortex-a9_vfpv3-d16.ipk
openssh-server_8.4p1-4_arm_cortex-a9_vfpv3-d16.ipk

Restarted sshd and it’s working. Tried rebooting to make sure everything is still ok and it is. Thanks!

AreYouLoco · November 25, 2021, 9:44am

You could try downloading *.ipk from openwrt master archive and install it by hand. And pray that there are no dependency issues. Or switch to HBD branch of TurrisOS and it should be included there. Your choice.

commar · November 25, 2021, 9:45am

You can compile yourself.

AreYouLoco · November 25, 2021, 9:46am

There is no need to compile it since its in openwrt master archive already compiled. But yeah you could always compile for yourself.

ssdnvv · November 25, 2021, 11:50am

HBD does not represent OpenWrt master but (as of now) 21.02.1

vcunat · November 25, 2021, 12:21pm

I see 8.4 in HBD: Index of /hbd/omnia/packages/packages/
(OpenWrt version itself doesn’t seem that important for this thread.)