You can now login with SSH one time passwords text

epilys wrote:

After some conversation on Mastodon I implemented signing via SSH OTPs. Signing with SSH keys is possible in new versions of SSH, so it might not be possible on all systems. More information about SSH signing here: https://www.agwa.name/blog/post/ssh_signatures

How it works:

  • First, you set your public key on your account settings.
  • Then, next time you need to log in, you can skip your password and instead choose the less comfortable path: click "Sign in with your SSH key instead" to go to https://tade.link/accounts/sshlogin which will prompt you with a random number in hexadecimal that you have to sign within 5 minutes and paste the signature in the form to log in. Here's how it looks:

[Image: SSH signature login]

This is an experimental/proof of concept thing and obviously it's opt-in.

Here's the relevant code for authentication and the view code for token generation.

PS: Why SSH and not PGP/FIDO/TLS etc? tl;dr: almost everyone has ssh keys already.
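
The challenge-and-signature flow described in the post, as an added example that is not the site's own code: a server-side sketch that issues a single-use hex challenge, enforces the five-minute window, and checks the pasted signature with `ssh-keygen -Y verify`. The namespace `example-login`, the in-memory store, the function names, and the use of `ssh-keygen` for verification are assumptions, and usernames are assumed to be plain identifiers.

```python
import os, secrets, subprocess, tempfile, time

NAMESPACE = "example-login"  # assumed name; binds a signature to this one purpose
TTL = 5 * 60                 # the five-minute signing window from the post
pending = {}                 # user -> (challenge, issued_at); stand-in for a DB

def issue_challenge(user, now=None):
    """Store and return a fresh random hex challenge, replacing any old one."""
    token = secrets.token_hex(32)
    pending[user] = (token, time.time() if now is None else now)
    return token

def take_challenge(user, now=None):
    """Pop the challenge (single use); None if there is none or it expired."""
    token, issued = pending.pop(user, (None, 0.0))
    now = time.time() if now is None else now
    return token if token is not None and now - issued <= TTL else None

def verify_login(user, account_pubkey, armored_sig, now=None):
    """True only for a valid SSHSIG by the account key over the live challenge."""
    token = take_challenge(user, now)  # consumed even when the attempt fails
    fields = account_pubkey.split(" ")
    # One "type base64" key on one line, so a stored key cannot smuggle extra
    # allowed_signers entries or options into the file written below.
    if token is None or len(fields) != 2 or not all(
            f and f.isascii() and f.isprintable() for f in fields):
        return False
    with tempfile.TemporaryDirectory() as tmp:
        signers = os.path.join(tmp, "allowed_signers")
        sig_path = os.path.join(tmp, "challenge.sig")
        with open(signers, "w") as fh:
            fh.write(f'{user} namespaces="{NAMESPACE}" {account_pubkey}\n')
        with open(sig_path, "w") as fh:
            fh.write(armored_sig)
        # ssh-keygen reads the signed message (the challenge) from stdin.
        result = subprocess.run(
            ["ssh-keygen", "-Y", "verify", "-f", signers, "-I", user,
             "-n", NAMESPACE, "-s", sig_path],
            input=token.encode(), capture_output=True)
    return result.returncode == 0

# Client side, with the challenge pasted in place of CHALLENGE:
#   printf '%s' CHALLENGE | ssh-keygen -Y sign -f ~/.ssh/id_ed25519 -n example-login
```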
