[Bug 3188] Problems creating a second ecdsa-sk key for a second Yubikey

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Jun 30 11:59:26 AEST 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3188

--- Comment #6 from David Walker <David at WalkerStreet.info> ---
(In reply to Damien Miller from comment #5)

> Can you try to talk to the card using a tool like ykman? E.g.

Here it is with the 5 NFC inserted:

  > ykman info
  Device type: YubiKey 5 NFC
  Serial number: 13377198
  Firmware version: 5.2.6
  Form factor: Keychain (USB-A)
  Enabled USB interfaces: OTP+FIDO+CCID
  NFC interface is enabled.

  Applications  USB     NFC    
  OTP           Enabled Enabled 
  FIDO U2F      Enabled Enabled 
  OpenPGP       Enabled Enabled 
  PIV           Enabled Enabled 
  OATH          Enabled Enabled 
  FIDO2         Enabled Enabled 

And here's the 5c Nano:

  > ykman info
  Device type: YubiKey 5C Nano
  Serial number: 11541414
  Firmware version: 5.2.4
  Form factor: Nano (USB-C)
  Enabled USB interfaces: OTP+FIDO+CCID

  Applications
  OTP           Enabled 
  FIDO U2F      Enabled 
  OpenPGP       Enabled 
  PIV           Enabled 
  OATH          Enabled 
  FIDO2         Enabled

Note that *neither* Yubikey works with ssh (and its associated tools)
for a period of time after the ssh-keygen failure, but both continue to
work with browsers (Vivaldi, in particular). Does ssh-sk-helper have
some kind of cache? The fact that things start working after a period
of time is suspicious to me.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list