Closed meltingfuse closed 1 month ago
Hi, I'm running 5.12 eddsa (with vendor patch to Yubikey 4/5 OTP+FIDO+CCID) on my pico board, using openssh windows from this repo. I managed to create a resident ssh key and save it to the pico key (pretty sure about it since I see the light in processing mode, and if I create a new ssh key with the same name it tells me there is already a key with the same name there).
But it never allows me to read out the resident key using
ssh-add -K -S internal
or
ssh-keygen -K
Using these commands in an admin-mode PowerShell (it has to run in admin mode since this is a bug in the Windows version of openssh) gives me a result like this:
ssh-keygen -K -v
Enter PIN for authenticator:
You may need to touch your authenticator to authorize key download.
debug1: find_helper: using "C:\\Program Files\\OpenSSH\\ssh-sk-helper.exe" as helper
debug1: client_converse: helper returned error -60
Unable to load resident keys: device not found
I can see that the LED light turned to press-to-confirm mode, and after I pressed the button, it turned to active mode rather than processing mode. Also there is something wrong with the HID device driver after I plugged in the pico key.
But everything else works fine, like using the key to log in to websites with webauthn.
It even works when I log in over ssh with the -i option to load the key file from the local hard disk, like:
ssh root@myserver -v -i .\id_ed25519_sk
I just can't use the ssh-add or ssh-keygen command to dump the key file from pico key to local disk.
I've tried several boards like the official pico board, waveshare pico zero and some boards I made myself, and got the same result. Could it be a driver issue or something else?
Update: I just did some more tests and confirmed that this issue (ssh key load and yellow exclamation mark in Device Manager) has happened since version 5.10; rolling back to 5.8 solves the problem. But 5.8 has some other issues, fixed in 5.10 and 5.12, which bother me more.
On the same PC (Windows 11 OS), using version 5.8 everything seems fine in the Device Manager,
with 5.10 version:
with 5.12 version:
No difference between eddsa branch or main branch.
Yubico 5 and neo fido_5.8 firmware works great as it should, Yubico Authenticator and YubiKey Personalization Tool handle it, but fido 5.10 and 5.12 are completely defective; Yubico manager programs don't handle them completely error-free either! The developer gives very few answers here on the forum, documentation is incomplete, hms versions are still we will never be able to communicate under Windows/Linux or with the recommended environmental software! A tutorial video would help a lot for the hsm device!
I managed to create a resident ssh key and save it to the pico key (pretty sure about it since I see the light in processing mode, and if I create a new ssh key with the same name it tells me there is already a key with the same name there).
How are you sure it is in the device? How do you generate it?
Fixed in ec612a4.
I managed to create a resident ssh key and save it to the pico key (pretty sure about it since I see the light in processing mode, and if I create a new ssh key with the same name it tells me there is already a key with the same name there).
How are you sure it is in the device? How do you generate it?
I use the command below to generate the key (in an admin-mode PowerShell environment):
ssh-keygen -t ed25519-sk -O resident -O application=ssh:YourTextHere -O verify-required
I'm sure it is in the device since I generated it with a pico key on version 5.8 and everything works fine; just upgrading the firmware version won't erase a key that already exists, right?
Thank you for the fix, I will try to build and verify it later.
Fixed in ec612a4.
Hi, I just compiled the development branch and confirmed that this commit works. Can you please merge it into the eddsa branch?
Also, I found a problem: I have to use the flash_nuke.uf2 file to reset the pico board (which erases everything on the SPI flash, I think) and then reinstall the new firmware.
If I just put it into boot mode and upgrade with the compiled firmware, the problem still exists.
I'm not sure whether the problem is that I upgraded with a non-eddsa firmware on a pico board that was running an eddsa firmware, or some other reason.