[Bug 3748] "webauthn-sk-ecdsa-sha2-nistp256@openssh.com" signature type not supported from ssh agent

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 2 08:38:19 AEST 2025


https://bugzilla.mindrot.org/show_bug.cgi?id=3748

Jó Ágila Bitsch <jgilab at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jgilab at gmail.com

--- Comment #6 from Jó Ágila Bitsch <jgilab at gmail.com> ---
Created attachment 3881
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3881&action=edit
patch for allowing webauthn signatures via ssh agent

I was running into the same problem and would like to suggest the
following (see patch):
* add special handling for KEY_ECDSA_SK in
sshkey_match_keyname_to_sigalgs as already exists for KEY_RSA
* use sshkey_match_keyname_to_sigalgs instead of sshkey_sigalg_by_name
in sshkey_check_sigtype.

Does that make sense or am I overlooking something obvious?

I did not yet check if certs would need special handling as well.

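The idea in the comment above, as an added simplified model (not OpenSSH source and not the attached patch): an exact-name comparison rejects a webauthn signature made with an sk-ecdsa key, while a key-type-aware match accepts it without admitting unrelated signature types. The `demo_*` names and the exact accepted set for the key type are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the check; not OpenSSH source, demo_* names are hypothetical. */
#define SK_ECDSA "sk-ecdsa-sha2-nistp256@openssh.com"
#define WEBAUTHN "webauthn-sk-ecdsa-sha2-nistp256@openssh.com"

/* Exact-name check: the signature type must equal the requested algorithm. */
int demo_check_exact(const char *requested_alg, const char *sigtype)
{
    return strcmp(requested_alg, sigtype) == 0;
}

/* Return 1 if name is a whole entry of a comma-separated list (no wildcards). */
static int in_list(const char *name, const char *list)
{
    size_t n = strlen(name);
    const char *p = list;

    while (*p != '\0') {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, name, n) == 0)
            return 1;
        p += len;
        if (*p == ',')
            p++;
    }
    return 0;
}

/* Key-type-aware check. Assumption: for the SK ECDSA key type the allowed
 * signature types are the plain one and the webauthn one, nothing else. */
int demo_check_keytype_aware(const char *requested_alg, const char *sigtype)
{
    if (strcmp(requested_alg, SK_ECDSA) == 0)
        return in_list(sigtype, SK_ECDSA "," WEBAUTHN);
    return strcmp(requested_alg, sigtype) == 0;
}

int main(void)
{
    /* Constructed inputs: algorithm requested for the key, type found in the signature. */
    printf("exact:      %d\n", demo_check_exact(SK_ECDSA, WEBAUTHN));
    printf("key-aware:  %d\n", demo_check_keytype_aware(SK_ECDSA, WEBAUTHN));
    printf("other type: %d\n", demo_check_keytype_aware(SK_ECDSA, "ssh-ed25519"));
    return 0;
}
```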