Releases: tavrez/openssh-sk-winhello
Release v2.0.0
This release is for OpenSSH version 8.4 or later.
Installation guide.
Changelog
Added
- You can now create and use keys created with the no-touch-required option.
- Support for the verify-required option is added (with a little limitation).
- New attestation data will be returned if available (a bit different but correct).
Changed
- Bumped API version to 0x00070000 (requires OpenSSH v8.4p1).
Release v1.1.0
This release is for version 8.2 and 8.3 of OpenSSH.
Installation guide.
Changelog
Added
- You can now create and use keys created with the no-touch-required option.
Fixed
- Variable cleanup in an error handling case.
- Bug fixes.
Release v1.0.2
Installation
These files are compiled for the MSYS environment (Git for Windows uses MSYS).
For other environments like Cygwin, please refer to the README file to learn how to download the source code and compile it.
Note: If you are using OpenSSH version 8.2p1, you need to install and configure (or compile) a modified ssh-sk-helper. If you are using OpenSSH 8.3p1 or higher, it's not needed.
winhello.dll
Copy this file wherever you want; the /usr/lib directory is preferred.
Configure OpenSSH to use winhello
ssh, ssh-keygen and ssh-add can use this module (sshd could also use security keys, but it's a little weird to do so).
To use it in ssh, open the local config file ~/.ssh/config (or the global config /etc/ssh/ssh_config) and add this:
Host *
SecurityKeyProvider winhello.dll
For use in ssh-keygen, use the -w argument like this:
ssh-keygen -t ecdsa-sk -w winhello.dll
And for use in ssh-add, use the -S option (if you do not use the full path in ssh-add, ssh-agent may block you):
ssh-add -S /usr/lib/winhello.dll ~/.ssh/id_ecdsa_sk
You can also set the SSH_SK_PROVIDER environment variable in your shell init code for ssh-keygen and ssh-add instead of the argument method explained above. For example, if you are using bash, add this line to the ~/.bashrc file:
export SSH_SK_PROVIDER=/usr/lib/winhello.dll
Use the full path to winhello.dll or ssh-agent will probably refuse to add your key.
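The full-path requirement can be checked before running ssh-add. The script below is an added example, not part of this project: it assumes ssh-agent's default provider allowlist (its -P option) is /usr/lib*/*,/usr/local/lib*/* and that GNU readlink is available, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the project): pre-flight check for a provider path.
# Assumption: ssh-agent's default allowlist for -S providers (its -P option)
# is "/usr/lib*/*,/usr/local/lib*/*"; set ALLOWED_PROVIDERS to match yours.
ALLOWED_PROVIDERS="${ALLOWED_PROVIDERS:-/usr/lib*/*,/usr/local/lib*/*}"

# Exit status 0 if $1 is absolute and matches a pattern in the allowlist.
# Runs in a subshell so the IFS and noglob changes do not leak out.
provider_path_allowed() (
    case $1 in
        /*) ;;
        *) exit 1 ;;            # bare names such as "winhello.dll"
    esac
    IFS=,
    set -f                      # keep patterns literal while splitting
    for pat in $ALLOWED_PROVIDERS; do
        case $1 in
            $pat) exit 0 ;;     # unquoted on purpose: glob match
        esac
    done
    exit 1
)

# Check an installed provider: it must exist, and its canonical path
# (symlinks resolved, as the agent does before matching) must be allowed.
check_sk_provider() {
    if [ ! -f "$1" ]; then
        echo "missing: $1"; return 1
    fi
    real=$(readlink -f -- "$1") || return 1
    if provider_path_allowed "$real"; then
        echo "ok: $real"
    else
        echo "not in allowlist: $real"; return 1
    fi
}

# Usage: check_sk_provider "${SSH_SK_PROVIDER:-/usr/lib/winhello.dll}"
```

A path that only reaches an allowed directory through a symlink is reported as not allowed, because the check is made on the resolved path.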
Version 1.0.1
Skip the check for WebAuthNIsUserVerifyingPlatformAuthenticatorAvailable() due to some problems (if you had problems before, please test this).
Version 1.0 (RC)
Installation
Compiled files of this project are available on GitHub releases. They are compiled for the MSYS environment (Git for Windows uses MSYS).
For other environments like Cygwin, please download the source code and compile it yourself.
Note: If you are using OpenSSH version 8.2p1, you need to install and configure (or compile) a modified ssh-sk-helper. If you are using OpenSSH 8.3p1 or higher, it's not needed.
winhello.dll
Copy this file wherever you want; a PATH or LIB directory is preferred (e.g. /usr/bin).
Configure OpenSSH to use winhello
ssh, ssh-keygen and ssh-add can use this module (sshd could also use security keys, but it's a little weird to do so).
To use it in ssh, open ssh_config (normally in /etc/ssh) and add this:
Host *
SecurityKeyProvider winhello.dll
For use in ssh-keygen, use the -w argument like this:
ssh-keygen -t ecdsa-sk -w winhello.dll
And for use in ssh-add, use the -S option:
ssh-add -S winhello.dll ~/.ssh/id_ecdsa_sk
You can also set the SSH_SK_PROVIDER environment variable for ssh-keygen and ssh-add instead of the argument method explained above, for example:
SSH_SK_PROVIDER=winhello.dll ssh-keygen -t ecdsa-sk
SSH_SK_PROVIDER=winhello.dll ssh-add ~/.ssh/id_ecdsa_sk
Use the full path to winhello.dll if it's not in the bin or lib folders or if you get a "file not found" error.
First Release
Requires Windows 10 version 1903 or higher
- Copy ssh-sk-helper.exe into /usr/lib/ssh/ (back up the original one)
- Copy winhello.dll into a directory which is in your path (for example /usr/bin)
- Add this into /etc/ssh_config:
Host *
SecurityKeyProvider /usr/bin/winhello.dll
- To use with ssh-keygen add "-w /usr/bin/winhello.dll" to your command, for example:
ssh-keygen -t ecdsa-sk -w /usr/bin/winhello.dll