Resident keys?

Ron Frederick ronf at timeheart.net
Tue Feb 18 11:45:00 AEDT 2020


Hello,

I’m trying out the “resident key” functionality in OpenSSH 8.2, and I’m having trouble getting it to find keys that I’ve created.

I’m trying to create a new resident key using:

    ssh-keygen -O resident -t ed25519-sk -f <filename>

This creates a key, but I’m not actually sure it is creating a “resident” key, as when I try to dump out the resident keys with either “ssh-keygen -K” or “ssh-add -K”, it doesn’t seem to find anything, reporting back “No keys to download” in ssh-keygen and silently failing in ssh-add (without loading any keys).

I also noticed that I can enter pretty much anything at the PIN prompt it gives me, and it doesn’t return an error or decrement the number of available PIN retries when I view the key’s status.

I’m doing these tests against OpenSSH portable HEAD on a Mac with a YubiKey 5 NFC (connected via USB).

Any thoughts on what I might be doing wrong?
-- 
Ron Frederick
ronf at timeheart.net




