From 6bb002e70889777024384529f37907f595894bf2 Mon Sep 17 00:00:00 2001
From: Kevin Morris <kevr@0cost.org>
Date: Wed, 24 Nov 2021 21:23:01 -0800
Subject: [PATCH] fix: use correct u2f ssh key prefixes

Signed-off-by: Kevin Morris <kevr@0cost.org>
---
 conf/config.defaults | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/conf/config.defaults b/conf/config.defaults
index a04f21bc..dd9bfd2f 100644
--- a/conf/config.defaults
+++ b/conf/config.defaults
@@ -62,7 +62,9 @@ ECDSA = SHA256:L71Q91yHwmHPYYkJMDgj0xmUuw16qFOhJbBr1mzsiOI
 RSA = SHA256:Ju+yWiMb/2O+gKQ9RJCDqvRg7l+Q95KFAeqM5sr6l2s
 
 [auth]
-valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ssh-ecdsa@openssh.com sk-ssh-ed25519@openssh.com
+; For U2F key prefixes, see the following documentation from openssh:
+; https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.u2f
+valid-keytypes = ssh-rsa ssh-dss ecdsa-sha2-nistp256 ecdsa-sha2-nistp384 ecdsa-sha2-nistp521 ssh-ed25519 sk-ecdsa-sha2-nistp256@openssh.com sk-ecdsa-sha2-nistp256-cert-v01@openssh.com sk-ssh-ed25519@openssh.com sk-ssh-ed25519-cert-v01@openssh.com
 username-regex = [a-zA-Z0-9]+[.\-_]?[a-zA-Z0-9]+$
 git-serve-cmd = /usr/local/bin/aurweb-git-serve
 ssh-options = restrict