[Bug 1950473] [NEW] SSH keygen, Key enrollment failed: requested feature not supported

Wed, 10 Nov 2021 06:26:06 -0800 

Public bug reported:

Bug report:
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 21.10
Release:        21.10
Codename:       impish

uname -r
5.13.0-21-generic

Yubikey device: yubikey 5 NFC

ssh -V
OpenSSH_8.4p1 Ubuntu-6ubuntu2, OpenSSL 1.1.1l  24 Aug 2021

Dmesg output:
21.960057] usb 1-3: new full-speed USB device number 4 using xhci_hcd
[   22.296859] usb 1-3: New USB device found, idVendor=1050, idProduct=0407, 
bcdDevice= 5.12
[   22.296869] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   22.296873] usb 1-3: Product: YubiKey OTP+FIDO+CCID
[   22.296876] usb 1-3: Manufacturer: Yubico
[   22.296879] usb 1-3: SerialNumber: 0009031500
[   22.331164] input: Yubico YubiKey OTP+FIDO+CCID as 
/devices/pci0000:00/0000:00:01.3/0000:02:00.0/usb1/1-3/1-3:1.0/0003:1050:0407.0004/input/input19
[   22.388838] hid-generic 0003:1050:0407.0004: input,hidraw3: USB HID v1.10 
Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:02:00.0-3/input0
[   22.396252] hid-generic 0003:1050:0407.0005: hiddev2,hidraw4: USB HID v1.10 
Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:02:00.0-3/input1

lsusb -v 2>/dev/null | grep -A2 Yubico | grep "bcdDevice" | awk '{print $2}'
5.12 ( Yubikey firmware )

Tried with the key pin:
ssh-keygen -t ed25519-sk -O resident -vvv
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
debug3: start_helper: started pid=2678
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", 
userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_enroll: using device /dev/hidraw4
debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
debug1: sshsk_enroll: provider "internal" returned failure -2
debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -59
debug3: reap_helper: pid=2678
Key enrollment failed: requested feature not supported

Tried with touching the key:
$ ssh-keygen -t ed25519-sk -O resident -vvv
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
debug3: start_helper: started pid=2681
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", 
userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_enroll: using device /dev/hidraw4
debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
debug1: sshsk_enroll: provider "internal" returned failure -2
debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -59
debug3: reap_helper: pid=2681
Key enrollment failed: requested feature not supported

** Affects: gnupg (Ubuntu)
     Importance: Undecided
         Status: New

** Description changed:

  Bug report:
  lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 21.10
  Release:      21.10
  Codename:     impish
  
  uname -r
  5.13.0-21-generic
  
- ssh -V 
+ Yubikey device: yubikey 5 NFC
+ 
+ ssh -V
  OpenSSH_8.4p1 Ubuntu-6ubuntu2, OpenSSL 1.1.1l  24 Aug 2021
  
  Dmesg output:
  21.960057] usb 1-3: new full-speed USB device number 4 using xhci_hcd
  [   22.296859] usb 1-3: New USB device found, idVendor=1050, idProduct=0407, 
bcdDevice= 5.12
  [   22.296869] usb 1-3: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3
  [   22.296873] usb 1-3: Product: YubiKey OTP+FIDO+CCID
  [   22.296876] usb 1-3: Manufacturer: Yubico
  [   22.296879] usb 1-3: SerialNumber: 0009031500
  [   22.331164] input: Yubico YubiKey OTP+FIDO+CCID as 
/devices/pci0000:00/0000:00:01.3/0000:02:00.0/usb1/1-3/1-3:1.0/0003:1050:0407.0004/input/input19
  [   22.388838] hid-generic 0003:1050:0407.0004: input,hidraw3: USB HID v1.10 
Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:02:00.0-3/input0
  [   22.396252] hid-generic 0003:1050:0407.0005: hiddev2,hidraw4: USB HID 
v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:02:00.0-3/input1
  
- 
  lsusb -v 2>/dev/null | grep -A2 Yubico | grep "bcdDevice" | awk '{print $2}'
  5.12
  
- Tried with they key pin:
+ Tried with the key pin:
  ssh-keygen -t ed25519-sk -O resident -vvv
  Generating public/private ed25519-sk key pair.
  You may need to touch your authenticator to authorize key generation.
- Enter PIN for authenticator: 
+ Enter PIN for authenticator:
  debug3: start_helper: started pid=2678
  debug3: ssh_msg_send: type 5
  debug3: ssh_msg_recv entering
- debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper 
+ debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
  debug1: sshsk_enroll: provider "internal", device "(null)", application 
"ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
  debug1: sshsk_enroll: using random challenge
  debug1: sk_probe: 1 device(s) detected
  debug1: sk_probe: selecting sk by touch
  debug1: ssh_sk_enroll: using device /dev/hidraw4
  debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
  debug1: sshsk_enroll: provider "internal" returned failure -2
  debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
  debug1: ssh-sk-helper: reply len 8
  debug3: ssh_msg_send: type 5
  debug1: client_converse: helper returned error -59
  debug3: reap_helper: pid=2678
  Key enrollment failed: requested feature not supported
  
  Tried with touching the key:
  $ ssh-keygen -t ed25519-sk -O resident -vvv
  Generating public/private ed25519-sk key pair.
  You may need to touch your authenticator to authorize key generation.
- Enter PIN for authenticator: 
+ Enter PIN for authenticator:
  debug3: start_helper: started pid=2681
  debug3: ssh_msg_send: type 5
  debug3: ssh_msg_recv entering
- debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper 
+ debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
  debug1: sshsk_enroll: provider "internal", device "(null)", application 
"ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
  debug1: sshsk_enroll: using random challenge
  debug1: sk_probe: 1 device(s) detected
  debug1: sk_probe: selecting sk by touch
  debug1: ssh_sk_enroll: using device /dev/hidraw4
  debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
  debug1: sshsk_enroll: provider "internal" returned failure -2
  debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
  debug1: ssh-sk-helper: reply len 8
  debug3: ssh_msg_send: type 5
  debug1: client_converse: helper returned error -59
  debug3: reap_helper: pid=2681
  Key enrollment failed: requested feature not supported

** Description changed:

  Bug report:
  lsb_release -a
  No LSB modules are available.
  Distributor ID:       Ubuntu
  Description:  Ubuntu 21.10
  Release:      21.10
  Codename:     impish
  
  uname -r
  5.13.0-21-generic
  
  Yubikey device: yubikey 5 NFC
  
  ssh -V
  OpenSSH_8.4p1 Ubuntu-6ubuntu2, OpenSSL 1.1.1l  24 Aug 2021
  
  Dmesg output:
  21.960057] usb 1-3: new full-speed USB device number 4 using xhci_hcd
  [   22.296859] usb 1-3: New USB device found, idVendor=1050, idProduct=0407, 
bcdDevice= 5.12
  [   22.296869] usb 1-3: New USB device strings: Mfr=1, Product=2, 
SerialNumber=3
  [   22.296873] usb 1-3: Product: YubiKey OTP+FIDO+CCID
  [   22.296876] usb 1-3: Manufacturer: Yubico
  [   22.296879] usb 1-3: SerialNumber: 0009031500
  [   22.331164] input: Yubico YubiKey OTP+FIDO+CCID as 
/devices/pci0000:00/0000:00:01.3/0000:02:00.0/usb1/1-3/1-3:1.0/0003:1050:0407.0004/input/input19
  [   22.388838] hid-generic 0003:1050:0407.0004: input,hidraw3: USB HID v1.10 
Keyboard [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:02:00.0-3/input0
  [   22.396252] hid-generic 0003:1050:0407.0005: hiddev2,hidraw4: USB HID 
v1.10 Device [Yubico YubiKey OTP+FIDO+CCID] on usb-0000:02:00.0-3/input1
  
  lsusb -v 2>/dev/null | grep -A2 Yubico | grep "bcdDevice" | awk '{print $2}'
- 5.12
+ 5.12 ( Yubikey firmware )
  
  Tried with the key pin:
  ssh-keygen -t ed25519-sk -O resident -vvv
  Generating public/private ed25519-sk key pair.
  You may need to touch your authenticator to authorize key generation.
  Enter PIN for authenticator:
  debug3: start_helper: started pid=2678
  debug3: ssh_msg_send: type 5
  debug3: ssh_msg_recv entering
  debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
  debug1: sshsk_enroll: provider "internal", device "(null)", application 
"ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
  debug1: sshsk_enroll: using random challenge
  debug1: sk_probe: 1 device(s) detected
  debug1: sk_probe: selecting sk by touch
  debug1: ssh_sk_enroll: using device /dev/hidraw4
  debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
  debug1: sshsk_enroll: provider "internal" returned failure -2
  debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
  debug1: ssh-sk-helper: reply len 8
  debug3: ssh_msg_send: type 5
  debug1: client_converse: helper returned error -59
  debug3: reap_helper: pid=2678
  Key enrollment failed: requested feature not supported
  
  Tried with touching the key:
  $ ssh-keygen -t ed25519-sk -O resident -vvv
  Generating public/private ed25519-sk key pair.
  You may need to touch your authenticator to authorize key generation.
  Enter PIN for authenticator:
  debug3: start_helper: started pid=2681
  debug3: ssh_msg_send: type 5
  debug3: ssh_msg_recv entering
  debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
  debug1: sshsk_enroll: provider "internal", device "(null)", application 
"ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
  debug1: sshsk_enroll: using random challenge
  debug1: sk_probe: 1 device(s) detected
  debug1: sk_probe: selecting sk by touch
  debug1: ssh_sk_enroll: using device /dev/hidraw4
  debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to 
create unprotected resident/verify-required key
  debug1: sshsk_enroll: provider "internal" returned failure -2
  debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
  debug1: ssh-sk-helper: reply len 8
  debug3: ssh_msg_send: type 5
  debug1: client_converse: helper returned error -59
  debug3: reap_helper: pid=2681
  Key enrollment failed: requested feature not supported

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1950473

Title:
  SSH keygen, Key enrollment failed: requested feature not supported

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/gnupg/+bug/1950473/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to