When can I use SSH public key types like ed25519-sk and ecdsa-sk?

ed25519-sk and ecdsa-sk are newly supported public key types in OpenSSH 8.2 for MFA devices. See How to secure your SSH server with public key Ed25519 Elliptic Curve Cryptography. But I cannot use them on github.com yet. May I ask when I can use these types of SSH public key?

27 Likes

Hi @shawnzhu,

Thanks for this feedback! We’re always working to improve GitHub, and we consider every suggestion we receive. I’ve logged your feature request in our internal feature request list. Though I can’t guarantee anything or share a timeline for this, I can tell you that it’s been shared with the appropriate teams for consideration.

3 Likes

Seconded. I would prefer to use this key type as well in order to take advantage of the 2FA options it includes.

Hello,
Is there any progress on this issue? Is this functionality still unavailable?
Thank you!

Agreed. This would be a great feature to have as I’ve moved my SSH keys to this type.

1 Like

Just adding my +1 to this. Would be a great security improvement to support this. Would be even nicer if we could enforce the use of this for organisations, meaning any access to GitHub either via web or SSH uses 2FA 🙂

Thanks - John.

1 Like

+1 for this. Using ed25519-sk for SSH keys provides both convenience and security out of the box.

+1 ecdsa-sk too. GitHub has early support for WebAuthn in MFA, and I think they should support it as an example of a web service as well.

+1 ed25519-sk and ecdsa-sk here. They’re much more convenient and foolproof compared to existing hardware SSH authentication methods like GPG or PKCS11.

A huge +1 from me! Currently, managing SSH keys using smart cards can be somewhat complicated, requiring the use of gpg-agent to deploy effectively. Support and configuration for this setup vary from client to client, OS to OS. If GitHub adopts this setup, it would represent a big step forward not only in terms of security but in ease of use for security-conscious developers.

+1 ecdsa-sk seems like the easiest way to secure ssh keys with a second factor.

I also would love to see ecdsa-sk supported!

+1 for ecdsa-sk

It would be great to have native support for hardware MFA devices like Trezor One and Trezor Model T.