U2F and Fedora

linux, security, u2f, ssh

Updates on two unrelated topics:


Earlier I reported on the fact that I can now use my U2F fob to authenticate and unlock my ssh keys. Support was not great yet at that time, but meanwhile I can report that both Github and Sourcehut support -sk keys now! Gitlab does not yet. My employer uses CentOS 8.3 in it’s supercomputers, which unfortunately is still stuck on OpenSSH 8.0, and I suppose will be for some time. Here’s hoping that the early termination of CentOS 8 later this year will translate to an update. 🤞

Fedora 34

I upgraded a system to Fedora 34 (from 33) last week. The upgrade went without hitches, which is great, but three things have changed for the worse (imho):

  1. First is that the combo of Fedora 34 and KDE Plasma 5.22 default to ‘offline updates’. For any updates initiated through the GUI. Which is no longer the convenient menu in the tray, but the rather sluggish and slower software center, where, moreover, the individual packages are no longer shown, just an opaque ‘Update’. You can hover for details, but this is in many way a step back if you ask me. Changes that allow you to disable these offline updates have not yet landed in Fedora 34, and I don’t know if they will.
  2. Secondly, also Plasma defaults to Wayland now, and it didn’t take very for my screen to lock up repeatedly. Not great!
  3. Last: Plasma’s Autostart setting just does not work. See this bug report.