OpenSSH 8.4 Brings Better Support For FIDO/2FA Keys

Written by Michael Larabel in BSD on 28 September 2020 at 06:41 AM EDT. 4 Comments
Version 8.4 of OpenSSH has been released and among its wide assortment of changes is a lot of continued work on FIDO/2FA key handling.

For those with a FIDO key like the YubiKey or Google Titan Security Key for handling two-factor authentication, OpenSSH 8.4 has better support in place. OpenSSH 8.4 now supports FIDO keys that require a PIN code to be entered for each use, SSHD now supports a "verify-required" option to require FIDO signatures assert the token be verified, SSH-Keygen now supports the FIDO 2.1 credProtect extension, support for verifying FIDO WebAuthn signatures, better support for multiple attached FIDO tokens, and many other fixes.

Outside of FIDO, OpenSSH 8.4 now supports sshd_config files longer than 256k, the -A flag can be used to explicitly enable agent forwarding in SCP and SFTP, build fixes for Apple Xcode 12, and many other fixes.

More details on OpenSSH 8.4 via
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via

Popular News This Week