
I would say the exact opposite: traditional ssh key management should eventually give way to resident keys, aka treating them just like passkeys.

We've been storing ssh keys directly on our YubiKeys since before passkeys were a thing.

Not only is it clearly more secure, it's also been a usability lift. Plug in your YubiKey, start an ssh agent, and run `ssh-add -K` to get all your resident keys added to your current session.



I might add, you can already do this. OpenSSH has had FIDO support for a while now. I've found it to work better than trying to use PGP or PIV/PKCS#11.



