Closed Sidicer closed 2 months ago
Only loading keys is currently supported via command-line arguments.
As far as I'm aware, ssh-keygen on Windows does not support -t ecdsa-sk or -t ed25519-sk. But if it does, SK SSH Agent can load the key file that it generates. The -O resident option isn't useful as far as SK SSH Agent is concerned, since (with the current Windows APIs) it can't support loading the key from the security key, so you'd have to load the private key file anyway.
What's the use case for automating key generation? You have to interact with the security key during the key generation process, so it can't be fully automated.
Windows OpenSSH above 8.9p1 supports -sk keys.
Remove-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
winget install "openssh beta"
Stop-Service -Name sshd -Force -ErrorAction SilentlyContinue
Set-Service -Name sshd -StartupType Disabled
Stop-Service -Name ssh-agent -Force -ErrorAction SilentlyContinue
Set-Service -Name ssh-agent -StartupType Disabled
ssh-keygen -t ed25519-sk -O resident -O application=ssh:fidotest -q -N '""' -C "fidotest"
The only issue is that this works if PubkeyAuthOptions verify-required is not enabled on the server. verify-required does not work when connecting from a Windows machine using sk-ssh-agent.
Edit: -O verify-required fixes PubkeyAuthOptions verify-required, so no issue. -sk keys are working with the new OpenSSH version. Automation is just to make it quicker in the future; ssh-keygen is used for everything key generation related.
Hello. I am looking at automating the whole procedure of generating and loading the keys using sk-ssh-agent, but after a quick glance I was not able to see if it's possible to do so without using the UI? I saw from the previous issue that loading the key is possible by running sk-ssh-agent and providing a path to the key as an argument, but is it possible to do a similar thing with key generation? Or should I be able to just use ssh-keygen and select to generate inside the USB smartkey with -O "resident" -O "verify-required"
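
Added example, not part of the original thread or of SK SSH Agent: a small Python check that an automated run of the ssh-keygen command above could apply to the resulting .pub file, confirming the key is a security-key (-sk) type and reading back the application string set with -O application=. The field layout is assumed from OpenSSH's PROTOCOL.u2f document; the function names are hypothetical and the sample key is constructed (32 zero bytes in place of a real public key).

```python
import base64
import struct

# Number of fields between the type string and the application string
SK_TYPES = {
    "sk-ssh-ed25519@openssh.com": 1,          # public key
    "sk-ecdsa-sha2-nistp256@openssh.com": 2,  # curve name, EC point
}

def read_string(blob, offset):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string field")
    return blob[offset + 4:end], end

def describe_public_key(line):
    """Return type, security-key flag, application and comment for one .pub line."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    comment = parts[2] if len(parts) == 3 else ""
    blob = base64.b64decode(b64, validate=True)
    inner_type, off = read_string(blob, 0)
    if inner_type.decode("ascii", "replace") != key_type:
        raise ValueError("key type in blob does not match the line prefix")
    info = {"type": key_type, "security_key": key_type in SK_TYPES,
            "application": None, "comment": comment}
    if info["security_key"]:
        for _ in range(SK_TYPES[key_type]):   # skip the key material fields
            _, off = read_string(blob, off)
        app, off = read_string(blob, off)
        if off != len(blob):
            raise ValueError("trailing bytes after application field")
        info["application"] = app.decode("utf-8")
    return info

def pack_fields(*fields):
    """Encode byte strings as consecutive SSH wire strings (used for the sample)."""
    return b"".join(struct.pack(">I", len(f)) + f for f in fields)

# Constructed sample line: not a real key
SAMPLE_LINE = "sk-ssh-ed25519@openssh.com " + base64.b64encode(pack_fields(
    b"sk-ssh-ed25519@openssh.com", bytes(32), b"ssh:fidotest")).decode() + " fidotest"

if __name__ == "__main__":
    print(describe_public_key(SAMPLE_LINE))
```

The public key blob carries the application string but not the verify-required setting, so this check cannot confirm that -O verify-required was used.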