Bug 1821501 - consider backport of u2f support
Summary: consider backport of u2f support
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: openssh
Version: unspecified
Hardware: Unspecified
OS: Unspecified
low
unspecified
Target Milestone: beta
: ---
Assignee: Dmitry Belyavskiy
QA Contact: Marek Havrila
Jan Fiala
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-04-06 23:58 UTC by Kevin Fenzi
Modified: 2022-07-29 18:19 UTC (History)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
.OpenSSH supports U2F/FIDO security keys
Previously, the OpenSSH keys stored in hardware were only supported through the PKCS #11 standard, which limited the use of other security keys in SSH. Support for U2F/FIDO security keys was developed upstream and is now implemented in RHEL 9. This results in an improved usability of security keys within SSH independent of the PKCS #11 interface.
Clone Of:
Environment:
Last Closed: 2022-05-17 15:53:33 UTC
Type: Bug
Target Upstream Version:
Embargoed:



Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker CRYPTO-6059 0 None None None 2022-01-18 16:57:37 UTC
Red Hat Product Errata RHBA-2022:3949 0 None None None 2022-05-17 15:53:45 UTC

Description Kevin Fenzi 2020-04-06 23:58:57 UTC
It would be very nice for rhel7 (and 8) to at least support sk-ecdsa keys, and even better if it could have all the u2f support. 

With support for sk-ecdsa keys, users could at least use the u2f support on newer platforms to connect to rhel hosts.

The full u2f support would allow rhel clients to take advantage of this support. 

Thanks for your consideration.

Comment 2 Jakub Jelen 2020-04-07 06:57:40 UTC
For RHEL 7, it is out of the question, as RHEL7 is in Maintenance Support 1 Phase [1]:

> New software functionality is not available during this phase.

Moved to RHEL8, which we might consider in future releases.

[1] https://access.redhat.com/support/policy/updates/errata#Maintenance_Support_1_Phase

Comment 28 Robert Scheck 2022-04-25 15:08:05 UTC
Could somebody please briefly explain why this was moved from RHEL 8 to 9? It would be still helpful for us to have at least the new public key types "ecdsa-sk" and "ed25519-sk" supported on the server side, so that users on newer platforms can use full U2F/FIDO support to connect to RHEL 8 servers (especially as RHEL 9 is not yet available).
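
An added example, not part of the bug thread and not OpenSSH code: since the request above is about server-side acceptance of the "ecdsa-sk" and "ed25519-sk" key types, this sketch audits an authorized_keys file to show which entries are FIDO/U2F-backed and whether each blob's embedded type matches its declared type. The sample file and its blobs are constructed (zero bytes instead of key material), and `audit`, `blob_type` and `make_blob` are hypothetical names.

```python
import base64
import re
import struct

# FIDO/U2F key types as named in authorized_keys (ssh-keygen -t ecdsa-sk / ed25519-sk)
SK_TYPES = {"sk-ecdsa-sha2-nistp256@openssh.com", "sk-ssh-ed25519@openssh.com"}
KNOWN = SK_TYPES | {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
                    "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
TOKEN = re.compile(r'(?:"[^"]*"|[^\s"])+')  # keeps quoted option values whole

def blob_type(b64):
    """Read the type string (uint32 length + name) that starts every key blob."""
    raw = base64.b64decode(b64, validate=True)
    (n,) = struct.unpack(">I", raw[:4])
    return raw[4:4 + n].decode("ascii")

def audit(text):
    """Return (line_no, key_type, is_fido, blob_matches); options precede the type."""
    rows = []
    for no, line in enumerate(text.splitlines(), 1):
        tokens = TOKEN.findall(line)
        if not tokens or tokens[0].startswith("#"):
            continue
        idx = next((i for i, t in enumerate(tokens) if t in KNOWN), None)
        if idx is None or idx + 1 >= len(tokens):
            continue  # unknown key type or truncated entry
        ktype = tokens[idx]
        rows.append((no, ktype, ktype in SK_TYPES,
                     blob_type(tokens[idx + 1]) == ktype))
    return rows

def make_blob(name):  # constructed: real type header, zero bytes as key material
    body = struct.pack(">I", len(name)) + name.encode() + b"\0" * 32
    return base64.b64encode(body).decode()

# Constructed sample file, not real keys.
SAMPLE = "\n".join([
    "# team keys",
    "ssh-ed25519 " + make_blob("ssh-ed25519") + " alice@laptop",
    'command="uptime -p",no-touch-required sk-ssh-ed25519@openssh.com '
    + make_blob("sk-ssh-ed25519@openssh.com") + " bob@token",
    "sk-ecdsa-sha2-nistp256@openssh.com "
    + make_blob("sk-ecdsa-sha2-nistp256@openssh.com") + " carol@token",
    "ssh-rsa " + make_blob("sk-ssh-ed25519@openssh.com") + " mislabelled",
])

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Entries flagged `is_fido` are the ones that depend on the server's OpenSSH accepting the sk key types; a `blob_matches` of False marks an entry whose declared type disagrees with its blob.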

Comment 31 Stanislav Zidek 2022-04-26 11:39:19 UTC
Robert, we are not really allowed to discuss roadmaps and timelines in bugzilla, please reach out to your representative via Customer Portal. That being said, the brief explanation is "complicated rebase or backport would be necessary".

Comment 32 Robert Scheck 2022-04-26 12:56:16 UTC
(In reply to Stanislav Zidek from comment #31)
> Robert, we are not really allowed to discuss roadmaps and timelines in
> bugzilla, please reach out to your representative via Customer Portal. That
> being said, the brief explanation is "complicated rebase or backport would
> be necessary".

Stanislav, I've opened case 03204842 at the Red Hat customer portal already before your answer to later follow up there with a business justification etc. - but thank you anyway for the quick brief explanation :)

Comment 42 errata-xmlrpc 2022-05-17 15:53:33 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: openssh), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3949

