Releases: tavrez/openssh-sk-winhello
Release v2.0.0
This release is for OpenSSH version 8.4 or later.
Installation guide.
Changelog
Added
- You can now create and use keys created with the no-touch-required option.
- Support for the verify-required option is added (with a little limitation).
- New attestation data will be returned if available (a bit different but correct).
Changed
- Bumped API version to 0x00070000 (requires OpenSSH v8.4p1).
Release v1.1.0
This release is for version 8.2 and 8.3 of OpenSSH.
Installation guide.
Changelog
Added
- You can now create and use keys created with the no-touch-required option.
Fixed
- Variable cleanup in an error handling case.
- Bug fixes.
Release v1.0.2
Installation
These files are compiled for the MSYS environment (Git for Windows uses MSYS).
For other environments such as Cygwin, please refer to the README file to learn how to download the source code and compile it.
Note: If you are using OpenSSH version 8.2p1, you need to install and configure (or compile) a modified ssh-sk-helper. If you are using OpenSSH 8.3p1 or higher, it is not needed.
winhello.dll
Copy this file wherever you want; the /usr/lib directory is preferred.
Configure OpenSSH to use winhello
ssh, ssh-keygen and ssh-add can use this module (sshd could also use security keys, but it's a little weird to do so).
To use it in ssh, open the local config file ~/.ssh/config (or the global config /etc/ssh/ssh_config) and add this:
Host *
SecurityKeyProvider winhello.dll
For use in ssh-keygen, use the -w argument like this:
ssh-keygen -t ecdsa-sk -w winhello.dll
And for use in ssh-add, use the -S option (if you do not use the full path in ssh-add, ssh-agent may block you):
ssh-add -S /usr/lib/winhello.dll ~/.ssh/id_ecdsa_sk
You can also set the SSH_SK_PROVIDER environment variable in your shell init code for ssh-keygen and ssh-add instead of the argument method explained above. For example, if you are using bash, add this line to your ~/.bashrc file:
export SSH_SK_PROVIDER=/usr/lib/winhello.dll
Use the full path to winhello.dll, or ssh-agent will probably refuse to add your key.
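Added example (not part of the project's release notes or code): a preflight check that maps an `ssh -V` banner to the release lines named above and applies the full-path advice to every SecurityKeyProvider entry in an ssh_config file. The function names are hypothetical, the sample config is constructed, and treating a bare name in ssh_config as a finding is a conservative assumption of this example.

```sh
# Added example: preflight check for a winhello.dll setup. Function names are hypothetical.
# release_for_openssh BANNER: map an `ssh -V` banner to the release line this page names.
release_for_openssh() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return 1; }
    major=${ver% *}; minor=${ver#* }
    if [ "$major" -gt 8 ] || { [ "$major" -eq 8 ] && [ "$minor" -ge 4 ]; }; then
        echo v2.0.0          # OpenSSH 8.4 or later
    elif [ "$major" -eq 8 ] && [ "$minor" -ge 2 ]; then
        echo v1.1.0          # OpenSSH 8.2 and 8.3
    else
        echo unsupported; return 1
    fi
}

# providers_in_config FILE: print every SecurityKeyProvider value in an ssh_config file.
# Keywords are case-insensitive and may use "key=value"; quoted paths are not handled.
providers_in_config() {
    awk '{ line = $0; sub(/^[ \t]+/, "", line); split(line, f, /[ \t=]+/)
           if (tolower(f[1]) == "securitykeyprovider") print f[2] }' "$1"
}

# check_provider VALUE: "relative" if not a full path, "missing" if no such file, else "ok".
check_provider() {
    case $1 in
        /*) ;;
        *)  echo relative; return 1 ;;
    esac
    [ -f "$1" ] || { echo missing; return 1; }
    echo ok
}

# audit_config FILE: report each provider; non-zero exit if any is not "ok".
audit_config() {
    rc=0
    for p in $(providers_in_config "$1"); do
        res=$(check_provider "$p") || rc=1
        printf '%s: %s\n' "$p" "$res"
    done
    return "$rc"
}

# Constructed sample config: one bare name and one full path.
cfg=$(mktemp)
printf 'Host *\n  SecurityKeyProvider winhello.dll\nHost build\n  securitykeyprovider=/usr/lib/winhello.dll\n' > "$cfg"
release_for_openssh 'OpenSSH_8.4p1, OpenSSL 1.1.1h' || true
audit_config "$cfg" || true
rm -f "$cfg"
```

The same check_provider call can be pointed at "$SSH_SK_PROVIDER" or at the value passed to ssh-add -S.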
Version 1.0.1
Skip the check for WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable() due to some problems (if you had problems before, please test this).
Version 1.0 (RC)
Installation
Compiled files of this project are available on GitHub releases. They are compiled for the MSYS environment (Git for Windows uses MSYS).
For other environments such as Cygwin, please download the source code and compile it yourself.
Note: If you are using OpenSSH version 8.2p1, you need to install and configure (or compile) a modified ssh-sk-helper. If you are using OpenSSH 8.3p1 or higher, it is not needed.
winhello.dll
Copy this file wherever you want; a PATH or LIB directory is preferred (e.g. /usr/bin).
Configure OpenSSH to use winhello
ssh, ssh-keygen and ssh-add can use this module (sshd could also use security keys, but it's a little weird to do so).
To use it in ssh, open ssh_config (normally in /etc/ssh) and add this:
Host *
SecurityKeyProvider winhello.dll
For use in ssh-keygen, use the -w argument like this:
ssh-keygen -t ecdsa-sk -w winhello.dll
And for use in ssh-add, use the -S option:
ssh-add -S winhello.dll ~/.ssh/id_ecdsa_sk
You can also set the SSH_SK_PROVIDER environment variable for ssh-keygen and ssh-add instead of the argument method explained above, for example:
SSH_SK_PROVIDER=winhello.dll ssh-keygen -t ecdsa-sk
SSH_SK_PROVIDER=winhello.dll ssh-add ~/.ssh/id_ecdsa_sk
Use the full path to winhello.dll if it's not in the bin or lib folders or if you get a "file not found" error.
First Release
Requires Windows 10 version 1903 or higher
- Copy ssh-sk-helper.exe into /usr/lib/ssh/ (backup original one)
- Copy winhello.dll into a directory which is in your path (for example /usr/bin)
- Add this into /etc/ssh_config:
Host *
SecurityKeyProvider /usr/bin/winhello.dll
- To use with ssh-keygen add "-w /usr/bin/winhello.dll" to your command, for example:
ssh-keygen -t ecdsa-sk -w /usr/bin/winhello.dll