SSH ED25519-SK FIDO2 support
Hello! Can you implement FIDO2 authentication in SSH authentication? I am using Yubikey to authenticate against servers but I don't see the option to use ED25519-SK.
FIDO2 use residential (discoverable - new term) keys generated right on security key. It can be ED25519-SK or ECDSA-SK and then, if requested, it can be used to authenticate against hosts.
It should work this way:
- use ED25519-SK private key (some kind of shortcut to physical security key) as key type
- open connection
- app ask to insert security key, enter PIN (not always the case if it's not generated with pin option), and use private key stored in it
- server check private key against public key, accept connection
There must be implemented authentication for it right in RDM app to open prompt to insert security key, enter pin, and use it to authenticate.
All Comments (25)
Hi
Thanks for the request, I have opened a ticket to add this feature.
Regards
Denis Vincent
I would just like to express the need for FIDO2-secured SSH keys here as well. We are currently rolling out new keys together with our customers and would actually like to switch to FIDO2-secured keys. Unfortunately, as we have just realised, this is not yet working at the moment.
Looking forward to the new features :)
Hi @ronnyfiebig
Work has already begun for this feature. I can't tell when it will be available though, I have a few hurdles to overcome, but I'm working on it.
Regards
Denis Vincent
Thank you very much for the update
Is there any Update on this ?
I had to postpone working on FIDO2 support for now. I am currently working on making improvements that should make implementing this feature easier afterwards. I am expecting to complete those improvements for the beginning of 2025 after which I will be able to resume work for FIDO2.
Denis Vincent
Any updates on this, id like to add my vote for this feature. We are rolling out FIDO2 to enhance the security of our infrastructure by adding hardware-backed keys and this would be a blocker.
I have still ongoing work before I can tackle FIDO2, but it is nearly completed. I expect to begin working on FIDO2 in roughly a month, but I don't know as of now how much time will be needed to implement it. We understand FIDO2 is gaining in popularity and it is already a priority on our TODO list.
Regards
Denis Vincent
Is there any Update on this ?
Hi,
I am currently waiting for an external third party library to be updated.
Sorry for the delay in my response, I was on vacation.
Regards
Denis Vincent
@Denis Vincent any updates, and you mentioned a priority and a todo list, is that something that is openly visible to peer into the product roadmap?
Hi,
The developper of the external library is not willing to make the modification we need. We have an in house resource who could do it, but he has a lot of work already scheduled. I have discussed about some possible alternatives with him and I will need to investigate those, I hope around mid October. As for the priority and todo lists I mentioned, those are not public.
Regards
Denis Vincent
Hey :)
Thank you for trying to implement this.
We will use 2FA for critical systems in the future and of course want to use them with RDM.
Now i just call Windows SSH (which is a OpenSSH modified by Microsoft) to use FIDO2-Keys and it "works".
Would be great if RDM supports it directly.
If you need any information/feedback or someone to help testing... you know my email ;)
Well, I am currently working on this and I have it partly working (user PIN verification is under development). I can't say when it will be complete but I think it is possible it will be ready before 2026.
Regards
Denis Vincent
Hello,
Thank you for being so patient!
I'm pleased to inform you that a new version of RDM (2025.3.28.0) has been released, featuring the fix for your issue.
Latest Version: Download RDM
Please let us know if this works or if you encounter any issues.
Best regards,
Maxim Robert
Hi,
I am super excited for this and wanted to test it, but I could not figure out how it works. As OP I use OpenSSH with FIDO2 at the moment (Windows Built In and PuTTY-CAC), but having it integrated into RDM sounds neat. What checkboxes do I have to select in an SSH connection to get FIDO2 working? I cannot find a specific FIDO2 feature in the SSH-Key Tab, so it must be somewhere else, right?
Thanks for the improvement!
Kind regards!
Hi,
To use a FIDO2 device with RDM's SSH, you just need to go to the "SSH key" tab of the SSH entry, and load its associated private SK key (the same you are using for OpenSSH). It works the same as with the command: ssh -i fidokeyfile user@host
And it is also supported in RDM's SFTP and SCP entries.
Regards
Denis Vincent
I could swear I tried this combination already, but I did again and it just works, Haha! Thank you very much :-)
Any chance to get this working in the MacOS version? I just upgraded to the latest version (2025.3.8.5) and it still doesn't work.
@jrottmann Yes, it is already done. In fact, I had it working for macOS first, so I will check why it is not included in the current version.
Regards
Denis Vincent
@jrottmann I can confirm it will be available in the next RDM Mac version, but I can't confirm a date for its release.
Denis Vincent
Any chance to get this working in the Linux version?
Any chance to get this working in the Linux version?
@hirdman
If it is not already there, I'll make sure it is in the next Linux version.
Denis Vincent
@jrottmann I can confirm it will be available in the next RDM Mac version, but I can't confirm a date for its release.
@Denis Vincent
according to https://devolutions.net/remote-desktop-manager/release-notes/mac/ is seems that is is not included in the release. and in my tests it does still not work in mac. :-(
@rdm1 You're right, the FIDO2 support was not included in the last release (it looks like there has been an internal misunderstanding). But it will be available in the 2026.1 release scheduled next week. Sorry for the delay.
Regards
Denis Vincent