
sshlogin: securely authenticating to remote Linux systems via a serial or a text-based interface

Securely authenticating to remote systems seems like a solved problem: we have SSH, which is a secure cryptographic system with public key authentication, strong encryption and many add-ons and extensions that even allow hardware-based security such as smart cards and YubiKeys.

However, all this falls apart if we need to access a system with no network connection. Such systems can range from small low-end IoT devices to high-performance servers with a broken or misconfigured network card. They usually provide access only via a serial port (or a similar text-based interface) or through an emulated, browser-based KVM (keyboard-video-mouse). So to authenticate, one needs to actually type something in, and most text-based authentication still relies on plain old passwords.

Password-based authentication has some security challenges: passwords may leak, may be cracked, and need to be rotated periodically. Wouldn’t it be great to be able to just use the same secure cryptographic authentication as in SSH for text-based logins? This presentation proposes a protocol and an implementation for reusing existing SSH keys for text-based authentication. We will also explore how to further enhance the security of the solution by using hardware-backed SSH credentials.

Ignat Korchagin

Cloudflare, Linux Guru

London, United Kingdom
