similar to: [Bug 3761] New: ssh-keygen fails for security keys without attestation

I was recently looking at verifying the attestation data (ssh-sk-attest-v00) for a SK key, but I believe the data saved in this structure is insufficient for completing verification of the attestation. While the structure has enough information for U2F devices, FIDO2 devices sign their attestation over a richer "authData" blob [1] (concatenated with the challenge hash). The authData blob

Hi, So I finally have time to test the u2f support but so far I haven't been very successful, Specifically, current HEAD has SSH_SK_VERSION_MAJOR 0x00040000 and I can't seem to find a matching libfido2 version, current HEAD of Yubico/libfido2 is 0x00020000 Is there a more up to date libfido2 or a particular commit of openssh-portable I should be using? thanks Sean

On 2019-11-14, Damien Miller <djm at mindrot.org> wrote: > Please give this a try - security key support is a substantial change and > it really needs testing ahead of the next release. Hi Damien, Thanks for working on security key support, this is a really nice feature to have in openssh. My non-FIDO2 security key (YubiKey NEO) doesn't work with the latest changes to openssh

https://bugzilla.mindrot.org/show_bug.cgi?id=3815 Bug ID: 3815 Summary: ssh-verify-attestation fails to check attestation Product: Portable OpenSSH Version: 10.0p1 Hardware: amd64 OS: Linux Status: NEW Severity: trivial Priority: P5 Component: Miscellaneous Assignee:

Hi, As of this morning, OpenSSH now has experimental U2F/FIDO support, with U2F being added as a new key type "sk-ecdsa-sha2-nistp256 at openssh.com" or "ecdsa-sk" for short (the "sk" stands for "security key"). If you're not familiar with U2F, this is an open standard for making inexpensive hardware security tokens. These are easily the cheapest way

OpenSSH 8.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

Hi, What I was trying to do (apart from toying with stuff) was to get a realiable, single, portable/importable credential that would be universally available whenever I need it but in normal operation would be either stored in or wrapped by Secure Enclave (this means EC keys), instead of provisioning 5 resident FIDO keys, one Secretive SE-wrapper key and a backup key. (I know, I could use

OpenSSH 8.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

OpenSSH 8.2 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

I updated to the latest versions of libfido2 and openssh-portable tonight, with an intention to test out the security key functionality and look closely at the changes over the last couple of months to see if I need to change anything in my AsyncSSH implementation to stay in sync. However, it seems that libfido2 no longer provides the ?libsk-libfido2.so? library that it used to. That was something

Hi, OpenSSH 8.2p1 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a feature release. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is also available via git using the instructions at

OpenSSH 8.4 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

https://bugzilla.mindrot.org/show_bug.cgi?id=2432 Bug ID: 2432 Summary: ssh-keygen and tools should be able to get public part directly from private key (portability) Product: Portable OpenSSH Version: 6.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=3613 Bug ID: 3613 Summary: Unable to sign using certificates and PKCS#11 Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

I tested building the openSUSE Tumbleweed package locally with the 20250403 snapshot and doing a live test and it works fine. I then also did try "make tests" on the vanilla snapshot sources and at first they failed to even build but after a quick fix that I've submitted at https://bugzilla.mindrot.org/show_bug.cgi?id=3806 the tests run fine too. Thanks! El mi?, 2 abr 2025 a las

I've had a patch on the bugzilla for a while related to U2F with support for a few additional settings such as providing a path to a specific key to use instead of the first one found and setting if user presence is required when using the key. Is there any objection to folding those parts in if appropriate? Joseph, to offer comment on NIST P-256. There was originally quite a limited subset

I''m trying to download a torrent from a site that requires authentication, but the tracker refuses the connection. This is the error in the log: (With a slightly obfuscated passkey) -------------- trying tracker http://www.moviehouse.nl/announce.php?passkey=a60240a26d4018****************** warning: couldn''t connect to tracker, next try in 10 seconds connecting to

On Tue, Jan 10, 2017 at 11:12 AM, Mark LaPierre <marklapier at gmail.com> wrote: > Hey all, I'm trying to install the fedora-packager group so that I can > build Fedora source packages into RPMs that I can install. I'm getting > this error: > > Error: Package: fedora-packager-0.6.0.1-1.el6.noarch (epel) > Requires: python-yubico > <SNIP> >

On 01/10/17 13:12, Tony Schreiner wrote: > On Tue, Jan 10, 2017 at 11:12 AM, Mark LaPierre <marklapier at gmail.com> > wrote: > >> Hey all, I'm trying to install the fedora-packager group so that I can >> build Fedora source packages into RPMs that I can install. I'm getting >> this error: >> >> Error: Package:

Hey all, I'm trying to install the fedora-packager group so that I can build Fedora source packages into RPMs that I can install. I'm getting this error: Error: Package: fedora-packager-0.6.0.1-1.el6.noarch (epel) Requires: python-yubico <SNIP> [root at peach ~]# yum install python-yubico <SNIP> No package python-yubico available. Do you suppose that maybe this