Feature Request: *-sk keys supporting PIV-like policies #475

Open
codyro opened this issue Apr 23, 2024 · 1 comment
Labels
feature This is a new feature request

Comments

Contributor

codyro commented Apr 23, 2024

Now that The Bastion supports *-sk keys, it would be nice to have PIV-like policies available to limit keys to an account to PIV/SK/FIDO2, grace periods, etc. It could potentially utilize PubkeyAuthOptions in some capacity.

Please close this if it seems like a stinker of an idea :).

@codyro codyro changed the title *-sk keys supporting PIV-like policies Feature Request: *-sk keys supporting PIV-like policies Apr 24, 2024
@speed47 speed47 added the feature This is a new feature request label May 22, 2024
Collaborator

speed47 commented May 22, 2024

Well, that would completely make sense indeed!

Contrary to e.g. "RSA GPG keys used as SSH keys through gpg-agent's ssh-agent compatibility layer", where, on server side, we have no way to differentiate between such a (hardware) key and an RSA key stored in a file, the *-sk series does guarantee that, as PIV does.

I'll check the feasibility, but I like the idea!
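
The server-side distinction discussed in this thread, as an added example (not code from The Bastion or from either commenter): a Python check that classifies `authorized_keys` lines as `*-sk` or not, reading the key type embedded in the public key blob rather than trusting the text label. All function names and the sample lines are constructed for illustration.

```python
import base64
import re
import struct

SK_TYPES = {"sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com"}
NON_SK_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
                "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
TOKEN = re.compile(r'(?:[^\s"]|"(?:\\.|[^"])*")+')  # keeps quoted option values whole


def embedded_type(blob_b64):
    """Return the key type stored as the first SSH string inside the blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        raise ValueError("truncated type field")
    return blob[4:4 + n].decode("ascii")


def check_line(line):
    """Classify one authorized_keys line: 'sk', 'not-sk', 'mismatch' or 'invalid'."""
    tokens = TOKEN.findall(line.strip())
    known = SK_TYPES | NON_SK_TYPES
    if tokens and tokens[0] not in known:
        tokens = tokens[1:]  # drop a leading options field such as command="..."
    if len(tokens) < 2 or tokens[0] not in known:
        return "invalid"
    try:
        inner = embedded_type(tokens[1])
    except ValueError:  # also covers bad base64 and non-ASCII type names
        return "invalid"
    if inner != tokens[0]:
        return "mismatch"  # text label disagrees with the blob: do not trust it
    return "sk" if inner in SK_TYPES else "not-sk"


def sk_only(lines):
    """Policy: an account complies only if it has keys and every one is *-sk."""
    return bool(lines) and all(check_line(l) == "sk" for l in lines)


def sample_line(blob_type, label=None):
    """Constructed sample line; the key material is dummy bytes, not a real key."""
    t = blob_type.encode()
    blob = struct.pack(">I", len(t)) + t + struct.pack(">I", 32) + bytes(32)
    return f"{label or blob_type} {base64.b64encode(blob).decode()} user@example"
```
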
