[Bug 3121] New: Without --with-security-key-builtin=yes, the tools give non-useful error logs
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 18 21:27:09 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3121
Bug ID: 3121
Summary: Without --with-security-key-builtin=yes, the tools
give non-useful error logs
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
In Fedora, we do not have the libfido2 so I built the OpenSSH without
--with-security-key-builtin=yes flag and when trying to use the tools,
one gets hard-to-decipher error messages:
$ ssh-keygen -t ecdsa-sk -f /tmp/.ssh/id_ecdsa_sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Provider "" dlsym(sk_api_version) failed:
/usr/libexec/openssh/ssh-sk-helper: undefined symbol: sk_api_version
Key enrollment failed: invalid format
I think when there is no internal u2f support, no environment variable
provided and no -w provided we should fail earlier than when trying to
dlopen zero-lenght string.
I did not test other tools yet, but I assume they will be failing in
similar manner.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list