On Mon, 31 Aug 2020, open...@evantann.com wrote: > >Synopsis: ecdsa-sk no longer works with latest snapshot > >Category: > >Environment: > System : OpenBSD 6.7 > Details : OpenBSD 6.7-current (GENERIC.MP) #52: Sun Aug 30 17:55:06 > MDT 2020 > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > > Architecture: OpenBSD.amd64 > Machine : amd64 > >Description: > As of a recent snapshot, my Yubikey with an ecdsa-sk key no longer > works with ssh. Where the ssh process would typically pause to confirm > presence, now it fails immediately with the following: > > Confirm user presence for key ECDSA-SK SHA256:____ > sign_and_send_pubkey: signing failed for ECDSA-SK "$keypath": > invalid format > $user@$ip: Permission denied (publickey). > >How-To-Repeat: > 1. Insert a single Yubikey into a USB port. > 2. Generate an ecdsa-sk key with normal options, i.e. not a resident > key. > 3. Attempt to ssh into any service that uses your ecdsa-sk key. > > This can be reproduced with or without ssh-agent running.
Hi, Thanks for the report - plase send the output of a failing ssh session in verbose mode, i.e. ssh -vvv user@host Thanks, Damien