Closed wujas-dongiel closed 2 years ago
Hi,
Thank you for the report. As you have observed, the problem is due to mismatching API versions:
Provider "./libsk-libfido2.so" implements unsupported version 0x00040000 (supported: 0x00070000)
If possible, consider rebuilding OpenSSH with --with-security-key-builtin, which will make OpenSSH use its internal middleware. The alternative would be to update https://github.com/pts/external-sk-libfido2 to provide the API version expected by your existing OpenSSH build.
-p.
Hi,
Thanks for your reply. I've compiled with the --with-security-key-builtin and now it works.
libfido2-1.11.0 Linux Slackware 15.0 OpenSSH 8.8p1-x86_64-2
I have a similar problem to the issue reported here: Key enrollment failed: invalid format
$ ssh-keygen -t ed25519-sk -vvvv
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug3: start_helper: started pid=7418
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
No FIDO SecurityKeyProvider specified
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=7418
Key enrollment failed: invalid format
fido2-token -L
fido2-token -I
FIDO_DEBUG=1
ykman info
I've built the libsk-libfido2.so from here external-sk-libfido2 but get the following
$ ssh-keygen -t ed25519-sk -w ./libsk-libfido2.so -vvvvv
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug3: start_helper: started pid=8144
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "./libsk-libfido2.so", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider ./libsk-libfido2.so implements version 0x00040000
Provider "./libsk-libfido2.so" implements unsupported version 0x00040000 (supported: 0x00070000)
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=8144
Key enrollment failed: invalid format
I've tried it with libfido-1.4.0 and libfido2-1.11.0 with the same result. When I cheated a bit and changed the api version line to match the supported version (0x00070000) and recompiled, then at least I was asked for PIN and expected to touch Yubikey. But that failed otherwise.
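An added example, not part of the original thread and not OpenSSH or libfido2 code: a small diagnostic that asks a middleware library for its sk_api_version() and applies the same major-version comparison that produces the "implements unsupported version" message above. The helper names are hypothetical, and the supported value 0x00070000 is taken from this thread's output and will differ for other OpenSSH builds.

```python
import ctypes
import re
import sys

# Mask OpenSSH applies before comparing provider versions (sk-api.h).
SSH_SK_VERSION_MAJOR_MASK = 0xFFFF0000
# Value this thread's ssh-keygen reports as supported (assumption for other builds).
SUPPORTED = 0x00070000

MISMATCH_RE = re.compile(
    r'Provider "(?P<path>[^"]+)" implements unsupported version '
    r'(?P<got>0x[0-9a-fA-F]{8}) \(supported: (?P<want>0x[0-9a-fA-F]{8})\)')


def compatible(reported, supported=SUPPORTED):
    """True when the major (upper 16 bit) halves of both versions agree."""
    mask = SSH_SK_VERSION_MAJOR_MASK
    return (reported & mask) == (supported & mask)


def find_mismatch(log_text):
    """Return (path, provider_version, supported_version) from helper output, or None."""
    m = MISMATCH_RE.search(log_text)
    if m is None:
        return None
    return m.group("path"), int(m.group("got"), 16), int(m.group("want"), 16)


def probe_provider(path):
    """Load a middleware library and return what its sk_api_version() reports.

    Loading runs the library's initialisers, so only probe files you built or trust.
    """
    lib = ctypes.CDLL(path)          # OSError if the file cannot be loaded
    fn = lib.sk_api_version          # AttributeError if the symbol is missing
    fn.restype = ctypes.c_uint32
    fn.argtypes = []
    return fn()


if __name__ == "__main__" and len(sys.argv) > 1:
    version = probe_provider(sys.argv[1])
    verdict = "ok" if compatible(version) else "major version mismatch"
    print(f"{sys.argv[1]}: sk_api_version=0x{version:08x} "
          f"supported=0x{SUPPORTED:08x} -> {verdict}")
```

The check only mirrors the version gate; a provider that passes it is not thereby shown to export function signatures matching what the OpenSSH build expects.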