tavrez / openssh-sk-winhello

A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
GNU Lesser General Public License v3.0
187 stars 14 forks source link

"winhello.dll is not an OpenSSH FIDO library" says WSL #18

Open ninetailedtori opened 4 months ago

ninetailedtori commented 4 months ago

While I also have been unable to get this working in Windows's side, we can refer to WSL.md which sends us commands for this to work, which I have then entered, as below results: > SSH_SK_HELPER=/mnt/c/Program\ Files/Git/usr/lib/ssh/ssh-sk-helper.exe SSH_SK_PROVIDER=/mnt/f/winhello.dll ssh-key gen -t ed25519-sk -O resident Generating public/private ed25519-sk key pair. You may need to touch your authenticator to authorize key generation. lib_contains_symbol: open /mnt/f/winhello.dll: No such file or directory provider /mnt/f/winhello.dll is not an OpenSSH FIDO library Key enrollment failed: invalid format It matters not whether files are in the same or different directory either :) Without the files referenced in #12, namely the msys dlls, the command provides us with this: Generating public/private ed25519-sk key pair. You may need to touch your authenticator to authorize key generation. client_converse: receive: unexpected internal error reap_helper: helper exited with non-zero exit status Key enrollment failed: unexpected internal error Unsure how to get this working, since it seems to register on Windows as an OpenSSH FIDO library, namely these results: > ssh-keygen -w F:\winhello.dll -t ed25519-sk -O resident Generating public/private ed25519-sk key pair. You may need to touch your authenticator to authorize key generation. Enter PIN for authenticator: Key enrollment failed: unknown or unsupported key type But still doesn't work at all. Without resident flag, all it does is just immediately hit the "Key enrollment failed" line without even waiting for PIN on the authenticator. Unsure the problem here. I have putty installed if that's an issue, but I'm not sure if pageant is interfering given I haven't even set it up for smartcard auth? I have OpenPGP keys on the card already but since that's OpenPGP and these are FIDO so they shouldn't interfere right?

tavrez commented 4 months ago

I'm really not sure what the problem is or what you trying to achieve. This project functionality is now merged inside libfido2 and for most of the situations it's not needed anymore. If you are sure that you need this to work, could you tell me the version of your OpenSSH in WSL, and in windows?