search for: id_ecdsa_sk

...ched when the keys are used. FIDO token also generally require the user explicitly authorise operations by touching or tapping them. Generating a FIDO key requires the token be attached, and will usually require the user tap the token to confirm the operation: $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk Generating public/private ecdsa-sk key pair. You may need to touch your security key to authorize key generation. Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been sa...

...e for key generation and signing (e.g. pubkey authentication) operations. $ SSH_SK_PROVIDER=/path/to/libsk-libfido2.so $ export SSH_SK_PROVIDER $ ssh-keygen -t ecdsa-sk You will typically need to tap your token to confirm the keygen operation, but once complete this will yield a keypair at ~/.ssh/id_ecdsa_sk. It can be used much like any other key - id_ecdsa_sk.pub can be copied to a server's authorized_keys file and can be used for authentication, Note that the server only verifies signatures, so it doesn't need to communicate with tokens. The id_ecdsa_sk private key generated in this step is...

...ing a security key login that requires touch, no message is printed by the client or server while waiting for the touch. On security keys that support it, the light begins flashing, but this may be hard to notice. Excerpt from the attached session log: debug1: Offering public key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit authenticator agent debug1: Server accepts key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit authenticator agent [[ Exchange hangs until sk touch ]] Authenticated with partial su...

...hed when the keys are used. FIDO tokens also generally require the user explicitly authorise operations by touching or tapping them. Generating a FIDO key requires the token be attached, and will usually require the user tap the token to confirm the operation: $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk Generating public/private ecdsa-sk key pair. You may need to touch your security key to authorize key generation. Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been sa...

...hed when the keys are used. FIDO tokens also generally require the user explicitly authorise operations by touching or tapping them. Generating a FIDO key requires the token be attached, and will usually require the user tap the token to confirm the operation: $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk Generating public/private ecdsa-sk key pair. You may need to touch your security key to authorize key generation. Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been sa...

...hed when the keys are used. FIDO tokens also generally require the user explicitly authorise operations by touching or tapping them. Generating a FIDO key requires the token be attached, and will usually require the user tap the token to confirm the operation: $ ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk Generating public/private ecdsa-sk key pair. You may need to touch your security key to authorize key generation. Enter file in which to save the key (/home/djm/.ssh/id_ecdsa_sk): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been sa...

...3: timeout: 30000 ms remain after connect debug1: identity file /home/ago/.ssh/id_rsa type 0 debug1: identity file /home/ago/.ssh/id_rsa-cert type -1 debug1: identity file /home/ago/.ssh/id_ecdsa type -1 debug1: identity file /home/ago/.ssh/id_ecdsa-cert type -1 debug1: identity file /home/ago/.ssh/id_ecdsa_sk type -1 debug1: identity file /home/ago/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /home/ago/.ssh/id_ed25519 type -1 debug1: identity file /home/ago/.ssh/id_ed25519-cert type -1 debug1: identity file /home/ago/.ssh/id_ed25519_sk type -1 debug1: identity file /home/ago/.ssh/id_ed25519_sk-ce...

https://bugzilla.mindrot.org/show_bug.cgi?id=3168 Bug ID: 3168 Summary: libssh.a(utf8.o): undefined reference to symbol 'strcasestr@@GLIBC_2.17' Product: Portable OpenSSH Version: 8.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: critical Priority: P5

...debug1: identity file /export/home/user/.ssh/id_rsa type -1 debug1: identity file /export/home/user/.ssh/id_rsa-cert type -1 debug1: identity file /export/home/user/.ssh/id_ecdsa type -1 debug1: identity file /export/home/user/.ssh/id_ecdsa-cert type -1 debug1: identity file /export/home/user/.ssh/id_ecdsa_sk type -1 debug1: identity file /export/home/user/.ssh/id_ecdsa_sk-cert type -1 debug1: identity file /export/home/user/.ssh/id_ed25519 type -1 debug1: identity file /export/home/user/.ssh/id_ed25519-cert type -1 debug1: identity file /export/home/user/.ssh/id_ed25519_sk type -1 debug1: identity file...

...'ve been playing around with ecdsa-sk type keys since 8.3p1 came out in a recent openSUSE Tumbleweed snapshot. It works fine for me, except when I try to add a second Yubikey. My first key (a Yubikey 5c Nano) was set up with "ssh-keygen -t ecdsa-sk" using the default key files (~/.ssh/id_ecdsa_sk*), but when I try to do the same for a second key (a Yubikey 5 NFC, using USB), the light doesn't flash on the Yubikey when I'm prompted to press the Yubikey's button, so pressing the button has no effect, I'm not prompted for where to store the new key pair, and no key is created....