Interesting!

- Does this have the buffer limitations for file transfer that ssh has? i.e. Can I send near wire speed?

- Which independent third party pen testing and code validation groups have reviewed this?

- Since this does not depend on rsync helpers for file transfers, are there any plans to add multipart transfers similar to lftp's p-get or other mirror sub-system functions? i.e. split a 40gb file into 20 chunks / streams.

- Is the UDP knocker optional? I can think of places that won't work. Captive portals, hotels, some airports, some public wifi, some corp networks.

- What setcap capabilities does this require?

- Any plans to add modules or helpers for things like U2F?

- Any thoughts on centralized management of key trusts? That is the biggest gap in openssh that I know of and the original author of ssh acknowledges. i.e. "who" is really logging in as "who", "where" and how old is that key?

U2F would be amazing. I hacked around with adding second factors to openssh and it's possible but not great. There was even a hack to do it with U2F.

But to have an ssh-like thing that supports U2F out of the box would be amazing.

Teleport SSH Server supports U2F.

https://github.com/gravitational/teleport https://gravitational.com/teleport/docs/admin-guide/#fido-u2...

Disclaimer: I work for Gravitational, but not on Teleport.