trustcrypto / OnlyKey-Firmware

The OnlyKey Firmware runs on the OnlyKey itself and provides the core functionality of OnlyKey.
https://docs.crp.to/firmware.html

Support keys generated using `-O no-touch-required` with ssh-keygen #167

Open aitorpazos opened 1 year ago

aitorpazos commented 1 year ago

I am not able to use keys generated using the `-O no-touch-required` option with ssh-keygen. One of the nice things about OnlyKey is that I need to authenticate against the device, so an unlocked OnlyKey means that I already confirmed I know the PIN. From then on, it is convenient to not have to confirm presence for every SSH operation. I use it during my development work, and it adds friction to automated flows to require me to touch the device on operations like pushing commits to Git repos or running Ansible playbooks.

`ssh git@github.com -vv` log:

```
...
debug1: Server accepts key: /home/aitor/.ssh/id_ed25519_sk ED25519-SK SHA256:yKtAT/JzW09V6rRWRQmkjCmWtZvHgg5G8nP8+qDUpMI authenticator
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: process_sign: ready to sign with key ED25519-SK, provider internal: msg len 184, compat 0x0
debug1: sshsk_sign: provider "internal", key ED25519-SK, flags 0x20
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by cred
debug1: check_sk_options: option uv is unknown
debug1: sk_try: fido_dev_get_assert: FIDO_ERR_SUCCESS
...
```

manonfgoo commented 3 months ago

Which version of ssh-keygen are you using?