search for: sshsk_sign

...mplementation(sk-usbhic.c) however since Windows 10 version 1903 this requires administrator privileges. I'm trying to create a module for OpenSSH to use webauthn.dll instead of direct calling to libfido2 to eliminate the need for administrator privileges I noticed that in ssh-sk.c in function sshsk_sign you hash the input data before passing it to external module sk_sign function. The problem is, Windows API automatically hash the input before sending it to fido device, so I need to receive the data without hashing to be able to use this or else the data will be hashed two times and verification w...

.../cVESDcBZsKSWcro explicit authenticator Confirm user presence for key ECDSA-SK SHA256:HixXHmVbrCZRxWUXIDOZF50VAIf/cVESDcBZsKSWcro debug1: start_helper: starting /usr/lib/ssh/ssh-sk-helper debug1: process_sign: ready to sign with key ECDSA-SK, provider internal: msg len 360, compat 0x4000000 debug1: sshsk_sign: provider "internal", key ECDSA-SK, flags 0x25 debug1: sk_probe: 2 device(s) detected debug1: sk_probe: selecting sk by touch debug1: sk_touch_poll: polling /dev/hidraw7 debug1: sk_touch_poll: polling /dev/hidraw5 ... debug1: sk_touch_poll: polling /dev/hidraw7 debug1: sk_touch_poll: poll...

...sup0UgSqu5k debug3: start_helper: started pid=11453 debug3: ssh_msg_send: type 5 debug3: ssh_msg_recv entering debug1: start_helper: starting /usr/libexec/ssh-sk-helper debug1: process_sign: ready to sign with key ECDSA-SK, provider /usr/lib/ssh-keychain.dylib: msg len 363, compat 0x4000000 debug1: sshsk_sign: provider "/usr/lib/ssh-keychain.dylib", key ECDSA-SK, flags 0x21 debug1: sshsk_open: provider /usr/lib/ssh-keychain.dylib implements version 0x000a0000 debug1: main: reply len 63 debug3: ssh_msg_send: type 5 debug3: reap_helper: pid=11453 User presence confirmed debug3: send packet: type...

Hi, Sometimes, users might find that the `ssh-sk-helper` crashes after enrolling a new key when using external SK libraries. Currently, the memory returned by SK APIs is freed by the host, but external libraries may have their own methods of handling memory. For instance some external libraries are linked against a foreign libc statically. As a result, the `ssh-sk-helper` would have issues if

On 2019-11-14, Damien Miller <djm at mindrot.org> wrote: > Please give this a try - security key support is a substantial change and > it really needs testing ahead of the next release. Hi Damien, Thanks for working on security key support, this is a really nice feature to have in openssh. My non-FIDO2 security key (YubiKey NEO) doesn't work with the latest changes to openssh