raoulh / mc-agent

Simple ssh-agent that loads keys stored from Moolticute
GNU General Public License v3.0

mc-agent doesn't support ecdsa-sk "stub" files? #18

Open spoelstraethan opened 3 years ago

spoelstraethan commented 3 years ago

I was previously using a Yubikey, which allows me to store a GPG key on the device and use it for SSH, and I'm able to easily fetch the public portion of the key and configs from the web.

I was hoping for a similar workflow with the Mini/MiniBLE and its SSH functionality through FIDO2, but it appears that there isn't a separate SSH tab in Moolticute (yet/anymore?), and the details seem a bit scarce about whether I need to upload the generated public/private files to the Files tab. If mc-agent is supposed to do that for me, it appears it doesn't like the ecdsa-sk format.

https://docs.github.com/en/github/authenticating-to-github/connecting-to-github-with-ssh/generating-a-new-ssh-key-and-adding-it-to-the-ssh-agent#generating-a-new-ssh-key-for-a-hardware-security-key

After I generated a key (using ecdsa-sk and not ed25519, because that doesn't work with the MiniBLE) and tried to use mc-agent add id_ecdsa_sk, it failed with a parsing error:

Failed to parse, ssh: unhandled key type

I did confirm I was able to load the same key using the latest ssh-agent from Homebrew's OpenSSH formula.

Sidenote: when following the GitHub directions, I noticed the MiniBLE directions mentioned only ecdsa, but GitHub assumes the other type is the first one to try to create.

Results of trying ed25519 with the MiniBLE:

ssh-keygen -t ed25519-sk -C "myemail@mydomain.com"
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: requested feature not supported
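
The "unhandled key type" above comes down to the agent not recognising the sk-* key types, whose private-key files are only stubs pointing at the FIDO2 token. As an added example (not mc-agent's or OpenSSH's code), here is a small Python parser for the .pub line format that tells an -sk key apart from a conventional one and pulls out its FIDO application string; the key blobs are constructed inline with dummy point bytes, not real keys.

```python
import base64
import struct

# OpenSSH public-key types backed by a FIDO2 security key ("-sk" keys).
# Their private-key files are stubs; the real key material lives on the token,
# so an agent must explicitly support these types to use them.
SK_KEY_TYPES = {
    "sk-ecdsa-sha2-nistp256@openssh.com",
    "sk-ssh-ed25519@openssh.com",
}

def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: uint32 big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data

def read_strings(blob: bytes) -> list:
    """Split an SSH wire-format blob into its length-prefixed strings."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated string field")
        fields.append(blob[pos:pos + length])
        pos += length
    return fields

def classify_pubkey(line: str) -> dict:
    """Parse one .pub / authorized_keys line and report whether it is an -sk key."""
    key_type, b64 = line.split()[:2]
    fields = read_strings(base64.b64decode(b64))
    if fields[0].decode() != key_type:
        raise ValueError("key type prefix does not match encoded blob")
    result = {"type": key_type, "security_key": key_type in SK_KEY_TYPES}
    if result["security_key"]:
        # sk public keys end with the FIDO application string, normally "ssh:".
        result["application"] = fields[-1].decode()
    return result

def constructed_pub_line(key_type: str, *fields: bytes, comment: str = "constructed") -> str:
    """Build a constructed .pub line for testing (dummy key material, not a real key)."""
    blob = ssh_string(key_type.encode()) + b"".join(ssh_string(f) for f in fields)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

if __name__ == "__main__":
    sk_line = constructed_pub_line("sk-ecdsa-sha2-nistp256@openssh.com",
                                   b"nistp256", b"\x04" + bytes(64), b"ssh:")
    plain_line = constructed_pub_line("ssh-ed25519", bytes(32))
    for line in (sk_line, plain_line):
        print(classify_pubkey(line))
```

A check like this in front of the add command lets an agent report "security-key type not supported" instead of a generic parse failure.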

limpkin commented 3 years ago

Hello there!
I may be confused here, but the SSH tab is a separate topic from the FIDO2 functionality :). For FIDO2 authentication, the last 3 links at https://mooltipass.github.io/minible/ should work for the Mini BLE, and you therefore don't need to use mc-agent :)
So in your case switching to ecdsa should work... please let me know if I got it right :)

spoelstraethan commented 3 years ago

It appears the Git hosting we are using isn't compatible with the ecdsa keys (Azure DevOps Repos, RSA only??? when GitHub, also owned by Microsoft, supports a huge array of key types???), so it might be a moot point.

My thought was that if I copied the id_ecdsa_sk.pub (and non-pub) to the MiniBLE, I could put them onto a new host without needing to generate a new key for each development machine that I work from. I'd still have to install the Mooltipass app to perform the file management, but since I'm not having much luck with FIDO2 for SSH anywhere other than GitHub, I might test the RSA files route to see if it is on par with the GPG experience or slightly less hassle.