Slackware current, Yubikey and Openssh
by Kowalczyk from LinuxQuestions.org on (#5CSBP)
Hi everyone.
Im trying to take advantage of the new capabilities in Openssh 8.2(U2F support) using my Yubikey.
I need to run current to get the right version of Openssh.
What I have done so far is:
Installed libfido2 from the Yubico site.
And I tried to to run the command:
ssh-keygen -t ed25519-sk -f .ssh/Yubikey but I got the error:
No ServerKeyProvider specified. I found this to be because of Openssh being built without the flag -with-server-key-builtin flag. So I removed the Openssh package and grab the slackbuilds that Pat uses and added that flag and that took care of that.
My next problem however is: It tries to create the key and it says you might have to touch your key but then it fails with Key enrollment failed: invalid format. So I can't create a new key.
So I guess it's something I'm missing? Is anyone running a setup like this and could help me on the way?
The server side with Slackware current is taken care of. I can now ssh from another machine to it using the yubikey but I want to fix it on the client side(that's the only thing I'm missing in Slackware and wants this to work).
When I have taken care of that I want to try the Pam side of it (require Yubikey for login into tty and for sudo etc) so I'm reaching out to you guys.
Regards Roar
Im trying to take advantage of the new capabilities in Openssh 8.2(U2F support) using my Yubikey.
I need to run current to get the right version of Openssh.
What I have done so far is:
Installed libfido2 from the Yubico site.
And I tried to to run the command:
ssh-keygen -t ed25519-sk -f .ssh/Yubikey but I got the error:
No ServerKeyProvider specified. I found this to be because of Openssh being built without the flag -with-server-key-builtin flag. So I removed the Openssh package and grab the slackbuilds that Pat uses and added that flag and that took care of that.
My next problem however is: It tries to create the key and it says you might have to touch your key but then it fails with Key enrollment failed: invalid format. So I can't create a new key.
So I guess it's something I'm missing? Is anyone running a setup like this and could help me on the way?
The server side with Slackware current is taken care of. I can now ssh from another machine to it using the yubikey but I want to fix it on the client side(that's the only thing I'm missing in Slackware and wants this to work).
When I have taken care of that I want to try the Pam side of it (require Yubikey for login into tty and for sudo etc) so I'm reaching out to you guys.
Regards Roar