Re: Resident keys?

On Mon, 17 Feb 2020, Ron Frederick wrote:

> Hello,
>
> I’m trying out the “resident key” functionality in OpenSSH 8.2, and
> I’m having trouble getting it to find keys that I’ve created.
>
> I’m trying to create a new resident key using:
> 
>     ssh-keygen -O resident -t ed25519-sk -f <filename>
>
> This creates a key, but I’m not actually sure it is creating a
> “resident” key, as when I try to dump out the resident keys with
> either “ssh-keygen -K” or “ssh-add -K”, it doesn’t seem to find
> anything, reporting back “No keys to download” in ssh-keygen and
> silently failing in ssh-add (without loading any keys).
>
> I also noticed that I can enter pretty much anything at the PIN prompt
> it gives me, and it doesn’t return an error or decrement the number of
> available PIN retries when I view the key’s status.
>
> I’m doing these tests against OpenSSH portable HEAD on a Mac with a
> Yubikey 5 NFC (connected via USB).
>
> Any thoughts on what I might be doing wrong?

You can try running "ssh-keygen -Kvvv" to see more detail on what is
going wrong, but I suspect the problem is that your key's firmware
has incomplete resident key support. Some of my older Yubikey 5 tokens
allowed me to create resident keys but not retrieve them.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



