search for: ed25519_sk

...Priority: P5 Component: ssh-keygen Assignee: unassigned-bugs at mindrot.org Reporter: snegrea at gmail.com no-touch-required flag is not set by ssh utilities when a key is restored from hardware tokens and defaults to always requiring user presence. Even when ed25519_sk or ecdsa-sk keys are generated with no-touch-required active, the process or restoring the key on another computer or using the key without downloading will result in always requiring touch because the flag is not properly restored. This incorrect behavior is consistent for ed25519_sk and ecdsa-sk...

On Wed, 5 Feb 2020, Phil Pennock wrote: > On 2020-02-06 at 10:29 +1100, Damien Miller wrote: > > * sshd(8): allow the UpdateHostKeys feature to function when > > multiple known_hosts files are in use. When updating host keys, > > ssh will now search subsequent known_hosts files, but will add > > updated host keys to the first specified file only. bz2738 >

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

...CERT: + if (k->dsa && k->dsa->priv_key) + return 1; + break; + case KEY_ECDSA: + case KEY_ECDSA_CERT: + if (k->ecdsa && EC_KEY_get0_private_key(k->ecdsa)) + return 1; + break; +#endif /* WITH_OPENSSL */ + case KEY_ED25519: + case KEY_ED25519_CERT: + if (k->ed25519_sk) + return 1; + break; + case KEY_UNSPEC: + break; + } + + return 0; +} + /* Return the cert-less equivalent to a certified key type */ int sshkey_type_plain(int type) diff -u -r -p openssh-6.9p1/sshkey.h openssh.cert_shadow/sshkey.h --- openssh-6.9p1/sshkey.h 2015-07-01 04:35:31.000000000 +0...

..._KEY_get0_private_key(ke->ecdsa), NULL); TEST_DONE(); -#endif +#endif /* OPENSSL_HAS_ECC */ +#endif /* WITH_OPENSSL */ TEST_START("generate KEY_ED25519"); ASSERT_INT_EQ(sshkey_generate(KEY_ED25519, 256, &kf), 0); @@ -323,6 +332,7 @@ sshkey_tests(void) ASSERT_PTR_NE(kf->ed25519_sk, NULL); TEST_DONE(); +#ifdef WITH_OPENSSL TEST_START("demote KEY_RSA"); ASSERT_INT_EQ(sshkey_demote(kr, &k1), 0); ASSERT_PTR_NE(k1, NULL); @@ -370,7 +380,8 @@ sshkey_tests(void) ASSERT_INT_EQ(sshkey_equal(ke, k1), 1); sshkey_free(k1); TEST_DONE(); -#endif +#endif /* OP...

Hi, OpenSSH 6.9 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is