Displaying 11 results from an estimated 11 matches for "id_ed25519_sk".
2023 May 14
18
[Bug 3572] New: ssh-agent refused operation when using FIDO2 with -O verify-required
...ent
Assignee: unassigned-bugs at mindrot.org
Reporter: bluebird090909 at proton.me
When using FIDO2 keys in combination with the option verify-required,
using ssh-agent will fail with the error message:
sign_and_send_pubkey: signing failed for ED25519-SK
"/home/user/.ssh/id_ed25519_sk" from agent: agent refused operation
When the ssh-agent is not used or the key has not yet been cached, the
login operation works as expected, asking the passphrase for the local
identity key, followed by the FIDO2 device PIN, followed by a request
to touch the device.
running ssh-add -l w...
2025 Jan 06
2
FIDO2 resident credentials
...rew is right.
Thank you for your help and understanding!
Quoting from [1]:
It really makes no sense to me why credential management is needed by
OpenSSH in the first place. In fact it doesn't even make sense to me why
resident credentials are needed by OpenSSH. Firstly, the private key file
`id_ed25519_sk` contains primarily the FIDO credential, which is nothing
secret and should logically be placed in `id_ed25519_sk.pub` which resides
on the remote server. This way FIDO authenticators wouldn't even need to
support resident credentials to function with OpenSSH. Secondly, assuming
that there is s...
2025 Jan 08
1
FIDO2 resident credentials
...elp and understanding!
>
> Quoting from [1]:
>
> It really makes no sense to me why credential management is needed by
> OpenSSH in the first place. In fact it doesn't even make sense to me why
> resident credentials are needed by OpenSSH. Firstly, the private key file
> `id_ed25519_sk` contains primarily the FIDO credential, which is nothing
> secret and should logically be placed in `id_ed25519_sk.pub` which resides
> on the remote server.
It's done this way to allow FIDO keys to work along other key types in
the SSH protocol without requiring a whole new authenticat...
2021 Oct 17
17
[Bug 3355] New: no-touch-required flag not restored from hardware token
...openssh code it seems that the flag below is never
properly used when reading or restoring a key from hardware tokens:
sk-api.h
#define SSH_SK_USER_PRESENCE_REQD 0x01
Here is a list of steps to fully reproduce the issue:
Step 1. Generate a new ed25519_sk. This new key will be stored in
.ssh/id_ed25519_sk. Please note the `no-touch-required` and `resident`
parameters on the key generation.
$ ssh-keygen -vvvv -t ed25519-sk -O no-touch-required -O resident -O application=ssh:test
Step 2. Confirm the generated key has `no-touch-required` option
enabled with ssh-keygen. In the output below, please not...
2025 May 13
5
[Bug 3823] New: SSH on same device ignores MAC restrictions
...id_ecdsa-cert type -1
debug1: identity file /home/root/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/root/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/root/.ssh/id_ed25519 type -1
debug1: identity file /home/root/.ssh/id_ed25519-cert type -1
debug1: identity file /home/root/.ssh/id_ed25519_sk type -1
debug1: identity file /home/root/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/root/.ssh/id_xmss type -1
debug1: identity file /home/root/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0
debug1: Remote protocol version 2.0, remote software version
Op...
2025 Jan 07
1
FIDO2 resident credentials
...usnak via openssh-unix-dev:
> Quoting from [1]:
>
> It really makes no sense to me why credential management is needed by
> OpenSSH in the first place. In fact it doesn't even make sense to me why
> resident credentials are needed by OpenSSH. Firstly, the private key file
> `id_ed25519_sk` contains primarily the FIDO credential, which is nothing
> secret and should logically be placed in `id_ed25519_sk.pub` which resides
> on the remote server. This way FIDO authenticators wouldn't even need to
> support resident credentials to function with OpenSSH.
They don't nee...
2024 Jan 10
1
[Bug 3653] New: ConnectTimeout causes issue when connecting to an host via tsocks
....ssh/id_ecdsa-cert type -1
debug1: identity file /home/ago/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/ago/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/ago/.ssh/id_ed25519 type -1
debug1: identity file /home/ago/.ssh/id_ed25519-cert type -1
debug1: identity file /home/ago/.ssh/id_ed25519_sk type -1
debug1: identity file /home/ago/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/ago/.ssh/id_xmss type -1
debug1: identity file /home/ago/.ssh/id_xmss-cert type -1
debug1: identity file /home/ago/.ssh/id_dsa type -1
debug1: identity file /home/ago/.ssh/id_dsa-cert type -1
debug1:...
2020 May 21
9
[Bug 3168] New: libssh.a(utf8.o): undefined reference to symbol 'strcasestr@@GLIBC_2.17'
https://bugzilla.mindrot.org/show_bug.cgi?id=3168
Bug ID: 3168
Summary: libssh.a(utf8.o): undefined reference to symbol
'strcasestr@@GLIBC_2.17'
Product: Portable OpenSSH
Version: 8.2p1
Hardware: ARM64
OS: Linux
Status: NEW
Severity: critical
Priority: P5
2025 Apr 17
2
[Bug 3814] New: incorrect signature when ssh'ing to an AIX server (Big Endian) from amd64 (Little endian)
.../.ssh/id_ecdsa-cert type -1
debug1: identity file /home/jfp/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/jfp/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/jfp/.ssh/id_ed25519 type 3
debug1: identity file /home/jfp/.ssh/id_ed25519-cert type -1
debug1: identity file /home/jfp/.ssh/id_ed25519_sk type -1
debug1: identity file /home/jfp/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/jfp/.ssh/id_xmss type -1
debug1: identity file /home/jfp/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_10.0
debug1: Remote protocol version 2.0, remote software version
OpenS...
2023 Oct 10
17
[Bug 3627] New: openssh 9.4p1 does not see RSA keys in know_hosts file.
...ity file /export/home/user/.ssh/id_ecdsa_sk type -1
debug1: identity file /export/home/user/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /export/home/user/.ssh/id_ed25519 type -1
debug1: identity file /export/home/user/.ssh/id_ed25519-cert type -1
debug1: identity file /export/home/user/.ssh/id_ed25519_sk type -1
debug1: identity file /export/home/user/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /export/home/user/.ssh/id_xmss type -1
debug1: identity file /export/home/user/.ssh/id_xmss-cert type -1
debug1: identity file /export/home/user/.ssh/id_dsa type -1
debug1: identity file /export/ho...
2024 May 16
2
[Bug 3691] New: Connection to localhost succeeds with disabled MAC
...1
debug1: identity file /home/bsradmin/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/bsradmin/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/bsradmin/.ssh/id_ed25519 type -1
debug1: identity file /home/bsradmin/.ssh/id_ed25519-cert type -1
debug1: identity file /home/bsradmin/.ssh/id_ed25519_sk type -1
debug1: identity file /home/bsradmin/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/bsradmin/.ssh/id_xmss type -1
debug1: identity file /home/bsradmin/.ssh/id_xmss-cert type -1
debug1: identity file /home/bsradmin/.ssh/id_dsa type -1
debug1: identity file /home/bsradmin/.ssh/id...