cockpit-project / cockpit

Cockpit is a web-based graphical interface for servers.
http://www.cockpit-project.org/
GNU Lesser General Public License v2.1

SSH FIDO key types do not work (ecdsa-sk and ed25519-sk) #17136

Open Tomaszal opened 2 years ago

Tomaszal commented 2 years ago

Explain what happens

  1. Log into Cockpit
  2. Go to add an SSH key
  3. Select an SSH key of type ecdsa-sk or ed25519-sk
  4. Click Add
  5. Nothing happens

Version of Cockpit

264

Where is the problem in Cockpit?

Accounts

Server operating system

Arch Linux

Server operating system version

No response

What browsers are you using?

Firefox

System log

No response

martinpitt commented 1 year ago

This sounds like a limitation of libssh, the SSH library that cockpit-ssh uses. It's worth trying with the most recent version, we recently got libssh 0.10 in Fedora, Debian testing, and hopefully also Arch.

We are currently working on rewriting cockpit-ssh around the standard ssh(1) program, which will fix such issues in general.

proninyaroslav commented 2 months ago

> It's worth trying with the most recent version, we recently got libssh 0.10 in Fedora, Debian testing, and hopefully also Arch.

This also doesn't work so far on version 0.10.6 (Fedora Server 40).

proninyaroslav commented 2 months ago

@martinpitt Are there any plans to add support for ed25519-sk, and at what stage is its implementation?

martinpitt commented 2 months ago

@proninyaroslav It should already work with the "Add host" functionality in a running cockpit session. That already uses standard ssh(1), not cockpit-ssh.

proninyaroslav commented 2 months ago

@martinpitt When I try to "Add host" the server on which cockpit is installed and authorize the ssh key, it says authorization error, or hangs on authorization when adding a host.

P.S.: As I understand it, this requires me to insert a hardware token into the server, but I need authorization on the client and the token is inserted on the client machine, so how does this work with the CLI SSH when I enter the host and touch the token for authorization?
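
Added example, not part of the thread and not Cockpit's code: a Python check that decodes an OpenSSH public key line and reports whether it is one of the FIDO types named in this issue, plus the application string stored in the key blob. It assumes a bare `.pub`-style line (no `authorized_keys` options prefix); the function names and the sample lines, built from dummy key bytes, are constructed for illustration.

```python
import base64
import struct

# Wire-format type names OpenSSH uses for FIDO-backed keys, mapped to the
# ssh-keygen names used in this issue.
SK_TYPES = {
    "sk-ssh-ed25519@openssh.com": "ed25519-sk",
    "sk-ecdsa-sha2-nistp256@openssh.com": "ecdsa-sk",
}

def _strings(blob):
    """Yield the length-prefixed (uint32, big-endian) fields of a key blob."""
    pos = 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + n > len(blob):
            raise ValueError("field runs past end of blob")
        yield blob[pos:pos + n]
        pos += n

def describe_pubkey(line):
    """Return wire type, ssh-keygen name (if FIDO), FIDO flag and application."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("not a public key line")
    fields = list(_strings(base64.b64decode(parts[1], validate=True)))
    if not fields or fields[0].decode("ascii", "replace") != parts[0]:
        raise ValueError("declared type does not match key blob")
    name = SK_TYPES.get(parts[0])
    info = {"type": parts[0], "name": name, "fido": name is not None,
            "application": None}
    if info["fido"]:
        # In both sk key formats the last field is the application string.
        info["application"] = fields[-1].decode("utf-8")
    return info

def _pack(*fields):
    # Helper for the constructed samples: encode fields as SSH strings.
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

# Constructed sample lines with all-zero dummy key material (not real keys).
SK_LINE = "sk-ssh-ed25519@openssh.com " + base64.b64encode(
    _pack(b"sk-ssh-ed25519@openssh.com", bytes(32), b"ssh:")).decode() + " demo"
PLAIN_LINE = "ssh-ed25519 " + base64.b64encode(
    _pack(b"ssh-ed25519", bytes(32))).decode() + " demo"
```
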