Closed TV4Fun closed 5 months ago
Okay, it turns out Homebrew's OpenSSH install was not using my build of libfido2. I had to uninstall Homebrew's OpenSSH and libfido2 and install my own version of both built from sources from the latest git/main checkout. After doing that, it generated correctly.
What version of libfido2 are you using?
Latest checkout from git/main, built on my machine.
What operating system are you running?
macOS 14.4.1 (23E224)
What application are you using in conjunction with libfido2?
OpenSSH_9.7p1, OpenSSL 3.2.1 30 Jan 2024, specifically with ssh-keygen
How does the problem manifest itself?
I am trying to generate a FIDO2 key on my YubiKey Nano 5C:
I tried using the standard command
ssh-keygen -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required
and after verifying my PIN and my tap, I got "Key enrollment failed: invalid format". Running with -vvvv showed both a FIDO_ERR_RX and a FIDO_ERR_NO_CREDENTIALS. Following the advice here I installed a custom libsk-libfido2, which then gave different errors but still ended with invalid format. Following the advice here I built my own version of libsk-libfido2.dylib with -DSK_DEBUG. That gave a lot of detail which doesn't mean much to me, but hopefully will to you. I also installed my own debug build of libfido2 and ran with FIDO_DEBUG=1. It looks like the error that is now stopping it is "fido_hid_read: read: Resource temporarily unavailable" and I am not sure why that is appearing. It appears consistently every time I try to run it. Have tried rebooting, updating OpenSSH and LibFido2 from Homebrew. Let me know what else I should try.
ETA: Trying to run examples/cred gives:
Is the problem reproducible?
Happens every time, haven't figured out a way to generate a key successfully.
What are the steps that lead to the problem?
Try to generate a key per instructions here with
ssh-keygen -t ed25519-sk -O resident -O application=ssh:Nomad -O verify-required
Does the problem happen with different authenticators?
Tried a few different versions of OpenSSH and libfido2
Please include the output of fido2-token -L.
Please include the output of fido2-token -I.
Please include the output of FIDO_DEBUG=1.
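
The closing comment at the top of this issue traces the failure to an OpenSSH install that was not using the locally built libfido2. The following is an added example, not part of the original issue or of either project: a shell check that parses `otool -L` output to show which libfido2 a macOS binary is linked against. The function names, the expected prefix `/usr/local` and the sample `otool` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report which libfido2 a macOS binary is linked against,
# by parsing `otool -L` output supplied on stdin.
# $1 = install prefix of the libfido2 build you expect (assumption: a source
#      build installed under a prefix such as /usr/local).
# Prints "ok <path>", "mismatch <path>", "unresolved <path>" or "none".
fido2_linkage() {
    expected_prefix=${1%/}
    # Skip "<binary>:" header lines, then compare only the basename of each
    # dependency so that libsk-libfido2.dylib is not mistaken for libfido2.
    lib=$(awk '
        /:$/ { next }
        {
            n = split($1, parts, "/")
            if (parts[n] ~ /^libfido2(\.[0-9]+)*\.dylib$/) { print $1; exit }
        }')
    case $lib in
        "")                   echo "none";            return 2 ;;
        @*)                   echo "unresolved $lib"; return 3 ;;  # @rpath etc. is resolved at load time
        "$expected_prefix"/*) echo "ok $lib";         return 0 ;;
        *)                    echo "mismatch $lib";   return 1 ;;
    esac
}

# Constructed sample of `otool -L` output (paths and versions are illustrative).
sample_homebrew() {
    printf '%s\n' '/opt/homebrew/bin/ssh-keygen:'
    printf '\t%s\n' \
        '/opt/homebrew/opt/libfido2/lib/libfido2.1.dylib (compatibility version 1.0.0, current version 1.14.0)' \
        '/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1345.100.2)'
}

# Real use on macOS: fido2_check "$(command -v ssh-keygen)" /usr/local
fido2_check() {
    otool -L "$1" | fido2_linkage "$2"
}
```

A "mismatch" result means the binary loads a libfido2 from somewhere other than the expected prefix, so debug settings or fixes applied to the local build will not take effect in that binary.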