On Mon, 17 Feb 2020, Ron Frederick wrote:

> Hello,
>
> I’m trying out the “resident key” functionality in OpenSSH 8.2, and
> I’m having trouble getting it to find keys that I’ve created.
>
> I’m trying to create a new resident key using:
>
>     ssh-keygen -O resident -t ed25519-sk -f <filename>
>
> This creates a key, but I’m not actually sure it is creating a
> “resident” key, as when I try to dump out the resident keys with
> either “ssh-keygen -K” or “ssh-add -K”, it doesn’t seem to find
> anything, reporting back “No keys to download” in ssh-keygen and
> silently failing in ssh-add (without loading any keys).
>
> I also noticed that I can enter pretty much anything at the PIN prompt
> it gives me, and it doesn’t return an error or decrement the number of
> available PIN retries when I view the key’s status.
>
> I’m doing these tests against OpenSSH portable HEAD on a Mac with a
> Yubikey 5 NFC (connected via USB).
>
> Any thoughts on what I might be doing wrong?

You can try running "ssh-keygen -Kvvv" to see more detail on what is
going wrong, but I suspect the problem is that your key's firmware
has incomplete resident key support. Some of my older Yubikey 5 tokens
allowed me to create resident keys but not retrieve them.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev