Feature Request: Add Hardware Key or PKI Card Support for Client Authentication #2915

Open
TKaluza opened this issue Nov 20, 2024 · 0 comments

TKaluza commented Nov 20, 2024

Is your feature request related to a problem? Please describe.
Currently, the Netbird client supports login via website and SSO, which is efficient for administration. However, for the actual client network connection functionality, it lacks support for direct hardware-based authentication methods. This can be a limitation in environments that prioritize physical security measures or use Public Key Infrastructure (PKI) for enhanced access control. Users who rely on hardware keys or PKI cards, such as YubiKeys, Nitrokeys, or smartcards, may find the existing process inconvenient or not aligned with their security protocols.

Describe the solution you'd like
I would like the Netbird client to "natively" (or as well as possible 😉) support hardware-based authentication methods, allowing users to authenticate directly using devices like FIDO2 keys (YubiKey, Nitrokey) or PKI-enabled smart cards.
This feature should be an alternative or addition to the functionality of the "Setup-Keys":

  • Authentication for connecting: Using the hardware device for login, with an optional PIN requirement for additional security.
  • Compatibility: Support for a range of devices, including USB, NFC, and Bluetooth-enabled keys, as well as PKI tokens with X.509 certificates.

This would provide a seamless and highly secure login mechanism for the client, reducing reliance on web-based authentication while aligning with hardware-backed security policies.

Describe alternatives you've considered
Custom Scripts: Employing custom scripts to integrate hardware keys indirectly, but this approach lacks native support and requires significant technical knowledge.
Relying on Web SSO: While feasible, web-based authentication does not utilize the potential of hardware security modules, especially in high-security environments.

Additional context
Supporting hardware keys for authentication would align the Netbird client with modern security practices and enhance its usability in enterprise settings. Many security-focused solutions already include such support, and adding this feature would make Netbird a more competitive and secure choice for networking needs.

If needed, I am happy to provide more details or test the feature with various hardware keys and smartcards.
