Since Christiaan mentioned sshd, here are some notes on how to implement
FIDO in sshd (should anyone be looking for a weekend project):
https://lists.mindrot.org/pipermail/openssh-unix-dev/2018-April/036885.html
Apologies for propagating the off-topicness.
On May 17, 2018 at 1:29:12 PM, Christiaan Brand (cbrand@google.com) wrote:
Also, chances of us adding raw signing to FIDO is extremely slim. I see
more potential with upstreaming a change to sshd to understand FIDO creds...
On Thu, May 17, 2018 at 12:54 Adam Langley <agl@google.com> wrote:
> On Thu, May 17, 2018 at 12:48 PM David Strauss <david@davidstrauss.net>
> wrote:
>
>> This is exactly what I'm requesting. This isn't a call for deep support
>>> for SSH in FIDO, only the cryptographic operation (raw signing) that would
>>> make it possible to use that way with the right client-side glue (which
>>> would be totally outside FIDO).
>>>
>>
> But this is the W3C mailing list, and the W3C does web stuff :)
>
> The CTAP2 spec, while obviously something that the W3C is building on with
> webauthn, comes from FIDO, which is a completely separate organisation.
>
> I don't know how helpful it is, but FIDO has a general page with some
> contact points here: https://fidoalliance.org/participate/community/
>