Open graystevens opened 3 years ago
Ack.
Fix incoming; ssh doesn't like us not signaling credProtect extension support in GetInfo.
Got auto-closed prematurely, will await the next release for feedback.
Have you got any rough timescales for when this may be included in a release? I'm keen to switch over from a few other keys, but this is blocking that unfortunately.
I think this particular PR should be in the latest released FW version 1.0.9, but I also can't full-heartedly recommend updating as there are other open issues still (some users claim ".7 works, but .8 and .9 do not").
Unable to download resident keys, should I open a new issue?
$ fido2-token -I /dev/hidraw1
proto: 0x02
major: 0x00
minor: 0x00
build: 0x00
caps: 0x05 (wink, cbor, msg)
version strings: U2F_V2, FIDO_2_0
extension strings: credProtect, hmac-secret
aaguid: xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
options: rk, up, credMgmt, clientPin
maxmsgsiz: 7609
maxcredcntlst: 10
maxcredlen: 512
fwversion: 0x0
pin protocols: 1
pin retries: 8
uv retries: undefined
$ ssh-add -K -v
Enter PIN for authenticator:
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_load_resident: provider "internal", have-pin
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_load_resident_keys: trying /dev/hidraw1
debug1: check_sk_options: option uv is unknown
debug1: read_rks: device /dev/hidraw1 does not support resident keys
debug1: main: reply len 4
$ solo2 ls
Solo 2 XXXXXXXXXXXXXXXXXXXXX (CTAP+PCSC, firmware 1:20200101.9)
The debug1: check_sk_options: option uv is unknown
line in ssh is printed after checking the fido_credman_get_dev_metadata()
returns FIDO_ERR_INVALID_COMMAND
$ fido2-token -I -c /dev/hidraw1
Enter PIN for /dev/hidraw1:
fido2-token: fido_credman_get_dev_metadata: FIDO_ERR_INVALID_COMMAND
I'm running into the same issue.
I've set up PIN and key was generated but when doing "ssh-add -vvv -K", I get
debug1: read_rks: device /dev/hidraw6 does not support resident keys
I'm running on latest .09 version
I've tried to generate a resident key on both of my Solo2s (USB-C and A) but both error out..
Tried the same sequence on Ubuntu 20.04 and Arch machines (where I can successfully see them via
solo2
and update them both). I've also runfido2-token
, which provided the following: