My Journey into GSoC 2025: Adding FIDO key support to libssh
Table of Contents
Introduction⌗
I’m thrilled to share that I’ve been selected for Google Summer of Code (GSoC) 2025, and I will be contributing to the libssh organization! In this blog, I want to share my path to GSoC, my project details, and what lies ahead.
How It All Began⌗
Like many others in the open-source community, I started by exploring projects that aligned with my interests. I’ve always been passionate about security, networking, and low-level systems programming. When I stumbled upon libssh — a C library implementing the SSH protocol — I knew I had found something exciting.
I started reading the codebase, exploring existing issues, and interacting with the community on their matrix channel. Although I was initially intimidated by such a huge codebase, I tried to focus only on the relevant parts for each issue that I was working on. This way, I was able to understand parts of the codebase slowly and managed to make several contributions to libssh which can be found here.
My Project: FIDO Support in libssh⌗
The goal of my project is to add support for FIDO/U2F keys on the client side of libssh using the libfido2 library. FIDO (Fast IDentity Online) keys offer hardware-based two-factor and passwordless authentication, which is gaining traction in modern secure systems.
This project involves:
- Parsing and handling FIDO public key types (e.g.,
sk-ecdsa-sha2-nistp256@openssh.com) - Verifying signatures using the libfido2 API
- Adding necessary key parsing, serialization, and signature verification logic
- Maintaining compatibility with existing OpenSSH-style FIDO key formats
- Writing comprehensive unit tests and documentation
Why This Matters⌗
SSH is ubiquitous in secure remote communications, and libssh is used in several production-grade applications. By enabling FIDO support, we’re:
- Enhancing user security with phishing-resistant keys
- Aligning libssh with modern authentication trends
- Enabling developers to use hardware-backed keys for SSH communication
The Road Ahead⌗
The coding period will span 12 weeks, and my milestones are structured as follows:
- Community Bonding – Deep dive into libssh’s internals, get feedback from mentors
- Phase 1 – Implement FIDO key loading and serialization
- Phase 2 – Add signature verification and user interaction logic via libfido2
- Final Phase – Write tests, polish the implementation, and get merged!
Throughout this period, I’ll be regularly blogging and documenting my progress. I hope these posts will help others looking to get into open source or curious about SSH internals.
Gratitude⌗
I am incredibly thankful to my mentors from libssh for believing in my proposal, and to Google for this wonderful platform. I also thank my peers and seniors at SDSLabs and IIT Roorkee who guided me throughout the application process.