Update your OpenSSH and use the encryption key. In February 2020, support for FIDO U2F (Universal Second Factor) encryption keys was added to OpenSSH. This is a great new feature, but there is a nuance: only those clients and servers that have upgraded to OpenSSH version 8.2 and higher will be able to use encryption keys, since the February update introduces new types of keys for them. You ssh –V
can check the client version of SSH with the command, and the server version with the commandnc [servername] 22
Two new types of keys were added to the February version - ecdsa-sk and ed25519-sk (together with the corresponding certificates). To generate a key file, just insert your encryption key and run the command:
$ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk
U2F . U2F — .
, .
- OpenSSH -sk-. U2F . - :
$ ssh-keygen -t ecdsa-sk -O resident -f ~/.ssh/id_ecdsa_sk
, , :
$ ssh-add -K
.