I’d like to use a Nitrokey FIDO2 as 2FA for a remote SSH login. According to the new OpenSSH 8.2 specification:
FIDO/U2F OpenSSH keys consist of two parts: a “key handle” part stored in the private key file on disk, and a per-device private key that is unique to each FIDO/U2F token and that cannot be exported from the
So the stick should support the feature to store resident keys in order to save the “key handle”; otherwise it’d have to be copied to each client, right? Does the Nitrokey FIDO2 support it?
Another useful feature from the specification:
ssh-keygen(1): add a “no-touch-required” option when generating FIDO-hosted keys, that disables their default behaviour of requiring a physical touch/tap on the token during authentication.
Does the Nitrokey FIDO2 support this?