Ron Frederick ronf at
Thu Feb 6 17:11:57 AEDT 2020

I updated to the latest versions of libfido2 and openssh-portable tonight, with an intention to test out the security key functionality and look closely at the changes over the last couple of months to see if I need to change anything in my AsyncSSH implementation to stay in sync. However, it seems that libfido2 no longer provides the “” library that it used to. That was something I was counting on being able to link against in AsyncSSH, so I didn’t have to directly call into libfido2 and could instead use the much simpler sk_enroll/sk_sign API that libsk provided.

After looking around a bit, I saw a comment in the libfido2 repo about the libsk functionality moving into OpenSSH itself, but I don’t see any way to build that as a library any more. In fact, the only implementation I can find now is the one in sk-usbhid.c which seems to be used when “—with-security-key-builtin” is set in configure. Is there any way that this support can still be built as a library?
Ron Frederick
ronf at

More information about the openssh-unix-dev mailing list