Skip to content

Add SK (Security Key) public key authentication support#439

Merged
kruton merged 3 commits intoconnectbot:mainfrom
nindanaoto:fido2
Jan 25, 2026
Merged

Add SK (Security Key) public key authentication support#439
kruton merged 3 commits intoconnectbot:mainfrom
nindanaoto:fido2

Conversation

@nindanaoto
Copy link
Contributor

@nindanaoto nindanaoto commented Jan 1, 2026

Required by connectbot/connectbot#1821.
Adds support for FIDO2 Security Key authentication:

🤖 Generated with Claude Code

@kruton
Copy link
Member

kruton commented Jan 1, 2026

It seems like more of the implementation might need to be in sshlib. If a test can't be written for it then the boundary between library and user of the library may not be in the right place.

@nindanaoto
Copy link
Contributor Author

nindanaoto commented Jan 2, 2026

Your criteria for the library boundary seem reasonable to me, so I wrote unit tests since the change is fairly simple. However, moving this logic to the ConnectBot side will mess up the library interface.
​Maybe we should also move some parts of the actual hardware key communication to the sshlib side to isolate the complex key handling from the ConnectBot side, but this will require hardware key unit tests without the physical key. I found that YubiKey seems to provide a test suite for this. However, we should check whether the test covers our use case first. So, I will add that to the ConnectBot side first, then plan to move it to sshlib as another PR. Possibly, because of its complexity, moving that can be a difficult task.

nindanaoto and others added 3 commits January 8, 2026 18:09
@nindanaoto @claude
Add SK (Security Key) public key authentication support
4e32827 
Adds support for FIDO2 Security Key authentication:
- New SkPublicKey interface for hardware-backed SK keys
- SK key handling in AuthenticationManager using SignatureProxy
- Supports sk-ssh-ed25519@openssh.com and sk-ecdsa-sha2-nistp256@openssh.com

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@nindanaoto @claude
Add tests for SK (Security Key) public key authentication
b07aafe 
Tests for the SkPublicKey interface and AuthenticationManager SK key handling:
- SkPublicKeyTest: validates interface contract for Ed25519/ECDSA SK keys
- AuthenticationManagerSkKeyTest: verifies SK authentication flow, hash
  algorithm selection, and SignatureProxy requirement

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@nindanaoto @claude
Fix unused imports in AuthenticationManagerSkKeyTest
d92c38b 
Remove unused doAnswer and when imports that were flagged by checkstyle.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
@kruton kruton merged commit 7048b8d into connectbot:main Jan 25, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nindanaoto @kruton