Yubikey GPG/PIV/FIDO2 SSH auth issues on Windows 11 #511

Open
desultory-zz opened this issue Oct 17, 2022 · 4 comments

desultory-zz commented Oct 17, 2022

I'm having issues with this tutorial: https://developers.yubico.com/PGP/SSH_authentication/Windows.html
I'm running Windows 11 and have a Yubikey5. I've loaded ED25519 certs onto it, and I'm able to see those in gpg-agent, but the Windows ssh agent is not able to see these keys. I'd also like to point out that the gpg configuration folder is not .gnupg under appdata, but is gnupg. I've even added the keygrip to the sshcontrol file, also not mentioned in the guide, and the ssh client still isn't seeing my keys.


desultory-zz commented Oct 17, 2022

I can't get PIV to work either. Your PIV ssh tutorial is also missing the vital information that the bin folder needs to be added to your user/system path to function. When I run ssh-keygen -D libykcs11.dll -e it gives me an RSA key, and I don't have any RSA keys on this yubikey to begin with. I'm beyond confused by what is happening with my Yubikey, and the extremely disjointed, poor quality wikis aren't helping the situation at all.

@desultory-zz

Following this guide isn't helpful: https://support.yubico.com/hc/en-us/articles/360021606180-Using-YubiKey-PIV-with-Windows-native-SSH-client#
It doesn't say how you should get the key's fingerprint for ssh auth and I don't know where to go from there.

@desultory-zz

I can use GPG with KiTTY, but not with the Windows SSH client, even if I set the environment variable for %SSH_AUTH_SOCK% to 'C:\Users\{user}\AppData\Local\gnupg\S.gpg-agent.ssh'

What is most concerning is that it's taking the ssh key AAAAC3NzaC1lZDI1NTE5AAAAINliIwfA09BAc8G0e4AIYn6cYbjFUimfDuUKPcvgLQLP but when I run gpg --export-ssh-key {keygrip} I get AAAAC3NzaC1lZDI1NTE5AAAAIAZHFjxkyRTgqb2tMbiEvEkNcg79knqZJfMBjEBtrMq+ and gpg says it's from openpgp;{hexkey} not the yubikey's serial number. I am running into issues at every turn here, tavrez/openssh-sk-winhello#17 (comment)

desultory-zz changed the title from "GPG SSH auth issues" to "Yubikey GPG/PIV/FIDO2 SSH auth issues on Windows 11" on Oct 19, 2022
@FirehawkV21

Hello!

I've tested with version 9.2.2.0 of Win32-OpenSSH and I was successful in using my Yubico Security Key for the SSH key.
