https://bugzilla.mindrot.org/show_bug.cgi?id=3748
--- Comment #3 from [email protected] --- Ok I managed to get this working i.e. the signature verified and I could log in. However, on the server-side I had to comment out this check: https://github.com/openssh/openssh-portable/blob/V_8_7/ssh-ecdsa-sk.c#L124 I think it may be because we are using certs i.e. ECDSA-SK-CERT. Still not sure I understand this, but the expected clientData preamble seemed to contain cert info in the "challenge" section, whereas the challenge we return in our agent contains a much shorter challenge returned from Apple APIs (specifically https://developer.apple.com/documentation/authenticationservices/asauthorizationsecuritykeypublickeycredentialprovider). Given that the signature verified once I removed this check, I'm not sure it's implemented correctly. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
