u2f / libfido2 version

Sean Liao seankhliao at gmail.com
Mon Jan 13 10:27:50 AEDT 2020


Thanks for the hint,
got it working by not setting $SSH_SK_PROVIDER
which I thought was necessary from the initial email

As an aside,
the error message for ed25519-sk not being supported could be more explicit
currently it just exits after "You may need to touch ..."
with debug its "debug1: client_converse: helper returned error -4"
and the ssh-sk-helper logs:
error: Security key provider "internal" returned failure -1
error: ssh-sk-helper: Enrollment failed: invalid format

thanks,
sean

On Sun, Jan 12, 2020 at 3:22 PM Markus Friedl <mfriedl at gmail.com> wrote:
>
> You should use the provider library shipped
> with openssh, because we did not update the initial version that’s included in libfido2
>
> -m
>
>
> Sean Liao <seankhliao at gmail.com> schrieb am Fr. 10. Jan. 2020 um 02:14:
>>
>> Hi,
>>
>> So I finally have time to test the u2f support
>> but so far I haven't been very successful,
>> Specifically, current HEAD has
>> SSH_SK_VERSION_MAJOR           0x00040000
>> and I can't seem to find a matching libfido2 version,
>> current HEAD of Yubico/libfido2 is 0x00020000
>>
>> Is there a more up to date libfido2
>> or a particular commit of openssh-portable
>> I should be using?
>>
>> thanks
>>
>> Sean
>> _______________________________________________
>> openssh-unix-dev mailing list
>> openssh-unix-dev at mindrot.org
>> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


More information about the openssh-unix-dev mailing list