Security key authentication is now available when accessing GitHub via SSH connection

On May 11, 2021, GitHub security engineer Kevin Jones updated the official blog and announced that the physical device 'security key' can now be used to authenticate SSH connections.

Security keys are now supported for SSH Git operations | The GitHub Blog

Security keys such as Google's '

Titan ' and Yubico's ' YubiKey ' are portable physical keys that are protected from external access and are used by connecting to a computer via USB, Bluetooth, etc., two-step authentication. It is one of the alternatives such as one-time password of.

GitHub has announced that it has started supporting security keys as an authentication method for SSH connections to make accounts more secure. Mr. Jones said, 'When performing Git operation using a security key after making an SSH connection, the secret part of the SSH key moves from the computer to a secure external security key, so accidental disclosure of the private key and malware You can use security keys to achieve a higher level of security, 'he emphasizes the security of security keys.

In order to move to security key authentication, you need to generate a new SSH key and add it to your account according to the manual published by GitHub.

'Password authentication is convenient, but I think it poses a security challenge,' Jones said. In recent years, GitHub is shifting to an authentication method that uses two-step authentication and WebAuthn, etc., and we are working to improve the security of GitHub as a whole.

GitHub abolishes password authentication when operating Git, token authentication will be required in the future --GIGAZINE

in Web Service,   Security, Posted by log1p_kr