[GH-ISSUE #456] Accepting sk-ssh-ed25519@openssh.com for ingress key #117

New issue

Closed

opened 2026-05-07 00:19:07 +02:00 by BreizhHardware · 1 comment

BreizhHardware commented 2026-05-07 00:19:07 +02:00

Owner

Copy link

Originally created by @perrze on GitHub (Mar 20, 2024).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/456

Hi,
Some of the bastion users in my group are using sk-ssh-ed25519@openssh.com (ed25519 key protected by an hardware security key like yubikey).
These keys are not accepted by the bastion.
I wonder if it would be possible or compliant with how bastion works to accept these keys as ingress keys for users ?

Originally created by @perrze on GitHub (Mar 20, 2024). Original GitHub issue: https://github.com/ovh/the-bastion/issues/456 Hi, Some of the bastion users in my group are using sk-ssh-ed25519@openssh.com (ed25519 key protected by an hardware security key like yubikey). These keys are not accepted by the bastion. I wonder if it would be possible or compliant with how bastion works to accept these keys as ingress keys for users ?

BreizhHardware closed this issue 2026-05-07 00:19:07 +02:00

BreizhHardware commented 2026-05-07 00:19:08 +02:00

Author

Owner

Copy link

@speed47 commented on GitHub (Mar 20, 2024):

Hello,

Yes, a contributor started the effort here https://github.com/ovh/the-bastion/pull/420 , currently at OVHcloud we use Yubikeys but usually we use the PIV slot (9a) or the GPG applet (which supports SSH through gpg-agent), however I'm looking into also supporting Webauthn for SSH, which is the sk- series of keytypes as seen by OpenSSH.

I'll look into it in the following days :)

<!-- gh-comment-id:2009289480 --> @speed47 commented on GitHub (Mar 20, 2024): Hello, Yes, a contributor started the effort here https://github.com/ovh/the-bastion/pull/420 , currently at OVHcloud we use Yubikeys but usually we use the PIV slot (9a) or the GPG applet (which supports SSH through gpg-agent), however I'm looking into also supporting Webauthn for SSH, which is the sk- series of keytypes as seen by OpenSSH. I'll look into it in the following days :)

BreizhHardware referenced this issue 2026-05-07 00:20:00 +02:00

[PR #117] [MERGED] bump to v3.01.99-rc1 #251

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

expifix

groupcreate_fix_uid

fix_group_gid_fast

gh-pages

clush

expiration

jsonvalidator

v3.23.01

v3.23.00

v3.22.00

v3.21.00

v3.20.00

v3.19.01

v3.19.00

v3.18.99-rc1

v3.18.00

v3.17.01

v3.17.00

v3.16.99-rc3

v3.16.99-rc2

v3.16.99-rc1

v3.16.01

v3.16.00

v3.15.00

v3.14.16

v3.14.15

v3.14.00

v3.13.01

v3.13.00

v3.12.00

v3.11.02

v3.11.01

v3.11.00

v3.10.00

v3.09.02

v3.09.00-really

v3.09.00

v3.09.00-rc3

v3.09.00-rc2

v3.09.00-rc1

v3.08.01

v3.08.00

v3.07.00

v3.06.00

v3.05.01

v3.05.00

v3.04.00

v3.03.99-rc2

v3.03.99-rc1

v3.03.01

v3.03.00

v3.02.00

v3.01.99-rc4

v3.01.99-rc3

v3.01.99-rc2

v3.01.99-rc1

v3.01.03

v3.01.02

v3.01.01

v3.01.00

v3.00.02

v3.00.01

v3.00.00

Labels

Clear labels   

answered

  

bug

  

documentation

  

enhancement

  

enhancement

  

feature

  

feature

  

kept-open-for-info

  

pull-request

Mirrored from GitHub Pull Request

  

question

No labels

answered

bug

documentation

enhancement

enhancement

feature

feature

kept-open-for-info

pull-request

question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/the-bastion#117

No description provided.