Support for FIDO/U2F in SSH

Ribas — Fri, 12 Sep 2025 21:07:05 GMT

Hello,

I am trying to use my YubiKey to connect to a Check Point appliance via SSH. My goal is to use FIDO2 [1], which is the recommended protocol for strong authentication. Unfortunately, this does not work.

When I connect to modern Linux distributions (Ubuntu, Oracle Linux, Debian, etc.), YubiKey with FIDO2 works correctly. However, I cannot establish an SSH connection to the Check Point appliance.

After some research, it seems that the issue is related to the SSH version currently used by Check Point. In our environment, we are running version R81.20, which ships with OpenSSH 7.8. This version is outdated, having been released back in 2018 [3]. FIDO2 support was only introduced in OpenSSH 8.2, released in 2020 [2].

Could you please confirm if there are any plans to upgrade the OpenSSH version used in Check Point appliances, or at least to add FIDO2 support? FIDO2 is a modern, secure authentication protocol, and as a leading security vendor, Check Point should strongly consider supporting it as soon as possible.

Thank you for your support.

[1] https://developers.yubico.com/SSH/Securing_SSH_with_FIDO2.html
[2] https://www.openssh.com/txt/release-8.2
[3] https://www.openssh.com/txt/release-7.8

Re: Support for FIDO/U2F in SSH

PhoneBoy — Wed, 17 Sep 2025 14:25:47 GMT

There may be more involved than that.
For formal support, it's probably going to require an RFE.

Re: Support for FIDO/U2F in SSH

the_rock — Wed, 17 Sep 2025 20:08:51 GMT

I actually showed this post on zoom session I had with TAC today on totally unrelated issue and guy said this would 100% be an RFE, so thats definitely your best bet.

Andy

topic Re: Support for FIDO/U2F in SSH in General Topics

Support for FIDO/U2F in SSH

Re: Support for FIDO/U2F in SSH

Re: Support for FIDO/U2F in SSH