‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Saturday, May 23, 2020 11:06 AM, Stuart Henderson <[email protected]> 
wrote:

> On 2020/05/23 09:41, Armands Stiegra wrote:
>
> > Hello, dear OpenBSD developers,
> > Humbly asking for your help, as I am unable to figure out how to fix
> > the error below and if it is a known problem. It seems to me that
> > yubikey-manager fido functionality is not working on a fresh install
> > of OpenBSD 6.7.
>
> ykman requires python-fido2 to do this; python-fido2 has not implemented
> this functionality on OpenBSD.

Thank you for your quick explanation.

Is there currently any other way to set a FIDO PIN on a YubiKey on OpenBSD to use
a resident key?

$ ssh-keygen -t ed25519-sk -O resident
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter file in which to save the key (/home/stiegra/.ssh/id_ed25519_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/stiegra/.ssh/id_ed25519_sk
Your public key has been saved in /home/stiegra/.ssh/id_ed25519_sk.pub
The key fingerprint is:
...

$ ssh-keygen -Kvvv
debug3: start_helper: started pid=12899
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/libexec/ssh-sk-helper
debug1: sshsk_load_resident: provider "internal"
debug1: ssh_sk_load_resident_keys: trying /dev/fido/0
debug1: read_rks: get metadata for /dev/fido/0 failed: FIDO_ERR_INVALID_ARGUMENT
debug1: ssh_sk_load_resident_keys: read_rks failed for /dev/fido/0
debug1: ssh-sk-helper: reply len 4
debug3: ssh_msg_send: type 5
debug3: reap_helper: pid=12899
Enter PIN for authenticator:
debug3: start_helper: started pid=7343
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/libexec/ssh-sk-helper
debug1: sshsk_load_resident: provider "internal", have-pin
debug1: ssh_sk_load_resident_keys: trying /dev/fido/0
debug1: read_rks: get metadata for /dev/fido/0 failed: FIDO_ERR_PIN_NOT_SET
debug1: ssh_sk_load_resident_keys: read_rks failed for /dev/fido/0
debug1: ssh-sk-helper: reply len 4
debug3: ssh_msg_send: type 5
debug3: reap_helper: pid=7343
No keys to download

This line suggests that the PIN is not set:

debug1: read_rks: get metadata for /dev/fido/0 failed: FIDO_ERR_PIN_NOT_SET

Kind regards
Armands Stiegra
