| Summary: | Issues when authorized_keys contains more than one ecdsa-sk public key | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | David Walker <David> | ||||||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||||
| Status: | CLOSED WORKSFORME | ||||||||||
| Severity: | enhancement | CC: | djm | ||||||||
| Priority: | P5 | ||||||||||
| Version: | 8.3p1 | ||||||||||
| Hardware: | amd64 | ||||||||||
| OS: | Linux | ||||||||||
| Attachments: |
|
||||||||||
|
Description
David Walker
2020-07-05 17:54:38 AEST
If you post debug traces from the client and the server it might be possible to figure out what is going on here Hmmm... I still have the issue of not being prompted to insert a key when no acceptable key is already inserted, but either of the keys I've authorized can be inserted and I get logged in without error. I'm pretty sure Tumbleweed has had an update to this stuff (libfido2 and maybe openssh) since I originally reported the issue, so it looks maybe like this has been resolved. If it's useful, though, I'll attach logs for two cases where an authorized key is already inserted and one where no key is inserted. FYI, I tested this on my laptop by starting sshd on my laptop and "ssh -vvv localhost". The authorized_keys file contained only the two Yubikeys I've been testing with. Created attachment 3429 [details]
5C Nano already inserted
Created attachment 3430 [details]
5 NFC already inserted
Created attachment 3431 [details]
No key inserted
it sounds like your problems were related to your OS distribution and not OpenSSH per se. Reopen if this is not the case. closing resolved bugs as of 8.6p1 release |