Bug 3491 - Cannot import FIDO2 keys when macOS lockdown mode enabled
Summary: Cannot import FIDO2 keys when macOS lockdown mode enabled
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 9.1p1
Hardware: All Mac OS X
Importance: P5 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2022-10-27 06:31 AEDT by vivithecanine
Modified: 2022-11-17 13:58 AEDT

See Also:


Description vivithecanine 2022-10-27 06:31:35 AEDT
Overview: Enabling Lockdown mode on macOS 13.0 breaks FIDO2 security key authentication.

As a note, I am using the Homebrew version of OpenSSH, as the version bundled with macOS is woefully ancient; it was, however, working before lockdown mode was activated.

The documentation on Lockdown Mode is unfortunately sparse, but here is a marketing blurb on the feature set. https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/

This feature automatically requires USB allow-listing and seemingly alters some other behavior that OpenSSH relies on.

FIDO2 authentication behaves as expected in Google Chrome and the Yubico Manager with my Yubikey 5 NFC. I can still list and add/remove Discoverable Credentials without a hitch.

Steps to Reproduce:

1) Enroll security keys on a FIDO2 token on a macOS machine https://xeiaso.net/blog/yubikey-ssh-key-storage
2) Enable Lockdown Mode https://support.apple.com/en-us/HT212650
3) Attempt to add a key to ssh-agent using ssh-add -K, or use ssh-keygen -K
4) Enter your FIDO2 PIN

Actual results:
OpenSSH emits the following error
Unable to add key ED25519-SK SHA256:<fingerprint>

Expected results:
OpenSSH would request a presence touch on the Yubikey and successfully import the key material

Build and OS Version:

% ssh -V
OpenSSH_9.1p1, OpenSSL 1.1.1q  5 Jul 2022

% sw_vers
ProductName:		macOS
ProductVersion:		13.0
BuildVersion:		22A380

Debug output from ssh-add below:

% ssh-add -K -vvv
Enter PIN for authenticator:
debug3: start_helper: started pid=21930
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /opt/homebrew/Cellar/openssh/9.1p1/libexec/ssh-sk-helper
debug1: sshsk_load_resident: provider "internal", have-pin
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_load_resident_keys: trying ioreg://4294976002
debug1: check_sk_options: option uv is unknown
debug1: read_rks: existing 4, remaining 21
debug1: read_rks: Device ioreg://4294976002 has resident keys for 3 RPs
debug1: read_rks: rp 0: name="(none)" id="login.microsoft.com" hashlen=32
debug1: read_rks: rp 1: name="(none)" id="ssh:vivithecanine" hashlen=32
debug1: read_rks: RP "ssh:vivithecanine" has 1 resident keys
debug1: read_rks: Device ioreg://4294976002 RP "ssh:vivithecanine" user "openssh" uidlen 32 slot 0: type -8 flags 0x00 prot 0x03
debug1: read_rks: rp 2: name="(none)" id="ssh:user" hashlen=32
debug1: read_rks: RP "ssh:user" has 1 resident keys
debug1: read_rks: Device ioreg://4294976002 RP "ssh:user" user "openssh" uidlen 32 slot 0: type -8 flags 0x00 prot 0x03
debug3: sshsk_load_resident: rk 0: slot 0, alg 1, app "ssh:vivithecanine", uidlen 32
debug3: sshsk_load_resident: rk 1: slot 0, alg 1, app "ssh:user", uidlen 32
debug1: process_load_resident: key 0 ED25519-SK ssh:vivithecanine uidlen 32
debug1: process_load_resident: key 1 ED25519-SK ssh:user uidlen 32
debug1: main: reply len 371
debug3: ssh_msg_send: type 5
debug3: reap_helper: pid=21930
debug1: sshsk_load_resident: srks[0]: ED25519-SK ssh:vivithecanine uidlen 32
debug1: sshsk_load_resident: srks[1]: ED25519-SK ssh:user uidlen 32
Unable to add key ED25519-SK SHA256:[redacted]
Unable to add key ED25519-SK SHA256:[redacted]
Comment 1 Damien Miller 2022-11-17 13:58:55 AEDT
From the debug log, it appears that ssh-add was successfully downloading the keys from your FIDO2 token, but failing to add them to ssh-agent. I wonder if lockdown mode is simply breaking ssh-agent?

Could you confirm that key download works using "ssh-keygen -K"?

If that works, are you able to add them to ssh-agent directly using ssh-add?

According to https://support.apple.com/en-us/HT212650 it is possible to exempt particular applications from the lockdown. Maybe you could exempt ssh-agent?
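An added triage script, written for this page and not part of the bug report or of OpenSSH. It does two things: it classifies a captured `ssh-add -K -vvv` transcript into "the token download failed" versus "the download worked but the hand-off to ssh-agent failed", which is the distinction Comment 1 draws from the log above, and, when run with `--live`, it performs the isolation steps suggested there (`ssh-keygen -K` into a scratch directory, then `ssh-add` of each downloaded key). Assumptions: the debug message wording of OpenSSH 9.x as quoted in the report, an agent reached through `$SSH_AUTH_SOCK`, and `ssh-keygen -K` writing files named `id_*_sk_rk*` into the current directory. The three sample transcripts are constructed from the shape of the report's log.

```shell
#!/bin/sh
# Added example, not part of the bug report or of OpenSSH (see lead-in for assumptions).

# classify_sk_debug FILE
# Prints one verdict for a captured "ssh-add -K -vvv" transcript:
#   download-failed   no resident keys came back from the token
#   agent-add-failed  keys came back (srks[...] lines) but "Unable to add key" followed
#   ok                keys came back and nothing failed
classify_sk_debug() {
    downloaded=$(grep -c 'sshsk_load_resident: srks\[' "$1" || true)
    failed=$(grep -c '^Unable to add key' "$1" || true)
    if [ "$downloaded" -eq 0 ]; then
        echo download-failed
    elif [ "$failed" -gt 0 ]; then
        echo agent-add-failed
    else
        echo ok
    fi
}

# agent_state
# Prints no-socket, unreachable or reachable. ssh-add -l exits 2 when it cannot
# contact the agent, 1 when the agent holds no identities, 0 otherwise.
agent_state() {
    if [ -z "${SSH_AUTH_SOCK-}" ] || [ ! -S "$SSH_AUTH_SOCK" ]; then
        echo no-socket
        return 0
    fi
    ssh-add -l >/dev/null 2>&1 && rc=0 || rc=$?
    case $rc in
        0|1) echo reachable ;;
        *)   echo unreachable ;;
    esac
}

# live_triage
# The two-step isolation from Comment 1 against the real token: download with
# ssh-keygen -K (prompts for PIN and touch), then ssh-add each downloaded
# private key. Returns 1 if the download itself fails.
live_triage() {
    echo "agent: $(agent_state)"
    scratch=$(mktemp -d) || return 1
    if ! (cd "$scratch" && ssh-keygen -K); then
        echo "ssh-keygen -K failed: the token download itself is broken"
        return 1
    fi
    for key in "$scratch"/id_*_sk_rk*; do
        [ -e "$key" ] || continue            # glob did not match anything
        case $key in *.pub) continue ;; esac  # skip public halves
        if ssh-add "$key"; then
            echo "ssh-add $key: ok"
        else
            echo "ssh-add $key: failed, so the agent side is the problem"
        fi
    done
}

# Constructed transcript 1: the shape seen in the report (download ok, add fails).
SAMPLE_AGENT_FAIL=$(mktemp)
cat >"$SAMPLE_AGENT_FAIL" <<'EOF'
debug1: sk_probe: 1 device(s) detected
debug1: sshsk_load_resident: srks[0]: ED25519-SK ssh:vivithecanine uidlen 32
debug1: sshsk_load_resident: srks[1]: ED25519-SK ssh:user uidlen 32
Unable to add key ED25519-SK SHA256:AAAA
Unable to add key ED25519-SK SHA256:BBBB
EOF

# Constructed transcript 2: the token never returned any keys.
SAMPLE_DOWNLOAD_FAIL=$(mktemp)
cat >"$SAMPLE_DOWNLOAD_FAIL" <<'EOF'
debug1: sk_probe: 0 device(s) detected
debug1: sshsk_load_resident: provider "internal", have-pin
EOF

# Constructed transcript 3: the healthy case.
SAMPLE_OK=$(mktemp)
cat >"$SAMPLE_OK" <<'EOF'
debug1: sk_probe: 1 device(s) detected
debug1: sshsk_load_resident: srks[0]: ED25519-SK ssh:vivithecanine uidlen 32
Identity added: ED25519-SK ssh:vivithecanine
EOF

# Usage: sh triage.sh                 (classify the constructed samples)
#        sh triage.sh --live          (run against the real token and agent)
echo "sample 1: $(classify_sk_debug "$SAMPLE_AGENT_FAIL")"
echo "sample 2: $(classify_sk_debug "$SAMPLE_DOWNLOAD_FAIL")"
echo "sample 3: $(classify_sk_debug "$SAMPLE_OK")"
if [ "${1-}" = --live ]; then
    live_triage
fi
```

To apply it to a real failure, save the `ssh-add -K -vvv` output to a file and call `classify_sk_debug` on it; a verdict of `agent-add-failed` with `agent_state` reporting `no-socket` or `unreachable` points at the agent rather than at the token, which is what the exemption suggestion in Comment 1 would then address.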