Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support keys generated using -O no-touch-required with ssh-keygen #167

Open
aitorpazos opened this issue Nov 14, 2023 · 1 comment
Open

Comments

@aitorpazos
Copy link

I am not able to use keys generated using -O no-touch-required option with ssh-keygen. One of the nice things of Onlykey is that I need to authenticate against the device, so an unlocked Onlykey means that I already confirmed I know the PIN. From then on, it is convenient to not have to confirm presence for every SSH operation.
I use during my development work and it adds friction to automated flows to require me to touch the device on operations like pushing commits to Git repos or running ansible playbooks.

ssh [email protected] -vv log:

...
debug1: Server accepts key: /home/aitor/.ssh/id_ed25519_sk ED25519-SK SHA256:yKtAT/JzW09V6rRWRQmkjCmWtZvHgg5G8nP8+qDUpMI authenticator
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: process_sign: ready to sign with key ED25519-SK, provider internal: msg len 184, compat 0x0
debug1: sshsk_sign: provider "internal", key ED25519-SK, flags 0x20
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by cred
debug1: check_sk_options: option uv is unknown
debug1: sk_try: fido_dev_get_assert: FIDO_ERR_SUCCESS
...
@manonfgoo
Copy link

which version of ssh-keygen are you using ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants