ssh-sk-helper failing sshsk_sign with code -2 (requested feature not supported)

[rdeker]

Hi, I'm using your openssh-sk-winhello binaries on Win10 version 1909, build 18363.778 with Git for Windows version 2.62.2-64-bit and a YubiKey 5 NFC. System is running in a Virtualbox VM (though I have also tried with a native Windows install on another machine). When I originally set things up, authentication to a Linux host (Ubuntu 20.04, OpenSSH 8.2p1, also a VM) was functioning, but having come back to it a bit later to document for a client, auth is now failing.

Using the same YubiKey and ecdsa_sk key from a Linux host works perfectly.

Here is the output of "ssh -v" on the Windows host:

$ SSH_SK_HELPER=/usr/lib/ssh/ssh-sk-helper.exe ssh -vv -i ~/.ssh/id_ecdsa_sk deker@10.10.1.222
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /c/Users/Deker/.ssh/config
debug1: /c/Users/Deker/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 48: Applying options for *
debug2: resolve_canonicalize: hostname 10.10.1.222 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.10.1.222 [10.10.1.222] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa_sk-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4
debug1: match: OpenSSH_8.2p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.10.1.222:22 as 'deker'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BbeOXU9GQubTOCVJmzlQEuTt0OIhh8IDcJGzT47NQLY
debug1: Host '10.10.1.222' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/Deker/.ssh/known_hosts:2
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ecdsa_sk  explicit
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/Deker/.ssh/id_ecdsa_sk
Enter passphrase for key '/c/Users/Deker/.ssh/id_ecdsa_sk':
debug1: start_helper: starting /usr/lib/ssh/ssh-sk-helper.exe
debug1: ssh-sk-helper: ready to sign with key ECDSA-SK, provider winhello.dll: msg len 247, compat 0x4000000
debug1: sshsk_sign: provider "winhello.dll", key ECDSA-SK, flags 0x01
debug1: sshsk_open: provider winhello.dll implements version 0x001c0000
debug1: sshsk_sign: sk_sign failed with code -2
debug1: ssh-sk-helper: Signing failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -59
debug1: identity_sign: sshkey_sign: requested feature not supported
sign_and_send_pubkey: signing failed for ECDSA-SK "/c/Users/Deker/.ssh/id_ecdsa_sk": requested feature not supported
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
deker@10.10.1.222's password:

Any advice or assistance would be greatly appreciated. Please let me know what other debug info would be useful.

[tavrez]

Thanks for reporting, could you tell me:

1. Have you compiled module by yourself or it's the provided binary
2. Give me this log but when you are not using winhello.dll

[rdeker]

Thanks for responding so quickly.

1. I am using the binaries from your github release
2. Can you clarify exactly what you'd like me to log? I'm not sure if you mean simply removing the SecurityKeyProvider configuration, reverting to the ssh-sk-helper provided by Git for Windows, or something else.

[tavrez]

Removing SecurityKeyProvider should be enough, remember to run git bash as administrator. Also could you tell me if you are running Windows in VM or not. Seems like the problem is with the webauthn.dll not returning success message after initiation, you can also test any FIDO process inside any browsers and see if they are using win hello or falling back to their own implementation

…

On Thu, May 28, 2020 at 12:19 AM Rob Deker ***@***.***> wrote: Thanks for responding so quickly. 1. I am using the binaries from your github release 2. Can you clarify exactly what you'd like me to log? I'm not sure if you mean simply removing the SecurityKeyProvider configuration, reverting to the ssh-sk-helper provided by Git for Windows, or something else. — You are receiving this because you commented. Reply to this email directly, view it on GitHub <#1 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACFM2DKLM6U5TLMX2HYYK6TRTVVELANCNFSM4NMHBL3A> .

[rdeker]

I've tried in a VirtualBox Win10 virtual, and on Win10 running natively. As an additional note, the id_ecdsa_sk was generated on a Linux box and copied to Windows, but I've verified that the key is identical and didn't get mangled in copying. etc. Using the same key file and same YubiKey device works fine from a linux host (Ubuntu 20.04).

Using Win10 running natively, running Git bash as administrator, with the SecurityKeyProvider disabled in the ssh config, and the original ssh-sk-helper.exe (just in case), I get the following (note that there is a pause of several seconds after "find_device: found key"):

$ ssh -vv deker@10.10.1.222
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /c/Users/Deker/.ssh/config
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 10.10.1.222 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.10.1.222 [10.10.1.222] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Deker/.ssh/id_rsa type -1
debug1: identity file /c/Users/Deker/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_dsa type -1
debug1: identity file /c/Users/Deker/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_xmss type -1
debug1: identity file /c/Users/Deker/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4
debug1: match: OpenSSH_8.2p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.10.1.222:22 as 'deker'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BbeOXU9GQubTOCVJmzlQEuTt0OIhh8IDcJGzT47NQLY
debug1: Host '10.10.1.222' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/Deker/.ssh/known_hosts:2
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/Deker/.ssh/id_rsa
debug1: Will attempt key: /c/Users/Deker/.ssh/id_dsa
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ed25519
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/Deker/.ssh/id_xmss
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/Deker/.ssh/id_rsa
debug1: Trying private key: /c/Users/Deker/.ssh/id_dsa
debug1: Trying private key: /c/Users/Deker/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/Deker/.ssh/id_ecdsa_sk
Enter passphrase for key '/c/Users/Deker/.ssh/id_ecdsa_sk':
debug1: start_helper: starting /usr/lib/ssh/ssh-sk-helper
debug1: ssh-sk-helper: ready to sign with key ECDSA-SK, provider internal: msg len 247, compat 0x4000000
debug1: sshsk_sign: provider "internal", key ECDSA-SK, flags 0x01
debug1: find_device: found 1 device(s)
debug1: find_device: trying device 0: \\\\?\\hid#vid_1050&pid_0407&mi_01#7&3a4fbee5&0&0000#{4d1e55b2-f16f-11cf-88cb-001111000030}
debug1: try_device: fido_dev_get_assert: FIDO_ERR_SUCCESS
debug1: find_device: found key
debug1: ssh_sk_sign: fido_dev_get_assert: FIDO_ERR_ACTION_TIMEOUT
debug1: sshsk_sign: sk_sign failed with code -1
debug1: ssh-sk-helper: Signing failed: invalid format
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -4
debug1: identity_sign: sshkey_sign: invalid format
sign_and_send_pubkey: signing failed for ECDSA-SK "/c/Users/Deker/.ssh/id_ecdsa_sk": invalid format
debug1: Trying private key: /c/Users/Deker/.ssh/id_ed25519
debug1: Trying private key: /c/Users/Deker/.ssh/id_ed25519_sk
debug1: Trying private key: /c/Users/Deker/.ssh/id_xmss
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
deker@10.10.1.222's password:

For completeness, on the same Windows host, with the SecurityKeyProvider enabled, and using your modified ssh-sk-helper.exe, I get the following with no real delay noticeable:

$ ssh -vv deker@10.10.1.222
OpenSSH_8.2p1, OpenSSL 1.1.1f  31 Mar 2020
debug1: Reading configuration data /c/Users/Deker/.ssh/config
debug1: /c/Users/Deker/.ssh/config line 1: Applying options for *
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: resolve_canonicalize: hostname 10.10.1.222 is address
debug2: ssh_connect_direct
debug1: Connecting to 10.10.1.222 [10.10.1.222] port 22.
debug1: Connection established.
debug1: identity file /c/Users/Deker/.ssh/id_rsa type -1
debug1: identity file /c/Users/Deker/.ssh/id_rsa-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_dsa type -1
debug1: identity file /c/Users/Deker/.ssh/id_dsa-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa_sk type -1
debug1: identity file /c/Users/Deker/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519 type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519_sk type -1
debug1: identity file /c/Users/Deker/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /c/Users/Deker/.ssh/id_xmss type -1
debug1: identity file /c/Users/Deker/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.2
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.2p1 Ubuntu-4
debug1: match: OpenSSH_8.2p1 Ubuntu-4 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to 10.10.1.222:22 as 'deker'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256,ext-info-c
debug2: host key algorithms: ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,rsa-sha2-512-cert-v01@openssh.com,rsa-sha2-256-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,sk-ecdsa-sha2-nistp256@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,aes256-cbc,aes192-cbc
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com,zlib
debug2: compression stoc: none,zlib@openssh.com,zlib
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256
debug2: host key algorithms: rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256,ssh-ed25519
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@openssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ecdsa-sha2-nistp256
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ecdsa-sha2-nistp256 SHA256:BbeOXU9GQubTOCVJmzlQEuTt0OIhh8IDcJGzT47NQLY
debug1: Host '10.10.1.222' is known and matches the ECDSA host key.
debug1: Found key in /c/Users/Deker/.ssh/known_hosts:2
debug2: set_newkeys: mode 1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: rekey in after 134217728 blocks
debug1: Will attempt key: /c/Users/Deker/.ssh/id_rsa
debug1: Will attempt key: /c/Users/Deker/.ssh/id_dsa
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ecdsa
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ecdsa_sk
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ed25519
debug1: Will attempt key: /c/Users/Deker/.ssh/id_ed25519_sk
debug1: Will attempt key: /c/Users/Deker/.ssh/id_xmss
debug2: pubkey_prepare: done
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com>
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /c/Users/Deker/.ssh/id_rsa
debug1: Trying private key: /c/Users/Deker/.ssh/id_dsa
debug1: Trying private key: /c/Users/Deker/.ssh/id_ecdsa
debug1: Trying private key: /c/Users/Deker/.ssh/id_ecdsa_sk
Enter passphrase for key '/c/Users/Deker/.ssh/id_ecdsa_sk':
debug1: start_helper: starting /usr/lib/ssh/ssh-sk-helper
debug1: ssh-sk-helper: ready to sign with key ECDSA-SK, provider /usr/bin/winhello.dll: msg len 247, compat 0x4000000
debug1: sshsk_sign: provider "/usr/bin/winhello.dll", key ECDSA-SK, flags 0x01
debug1: sshsk_open: provider /usr/bin/winhello.dll implements version 0x001c0000
Provider "/usr/bin/winhello.dll" implements unsupported version 0x001c0000 (supported: 0x00040000)
debug1: ssh-sk-helper: Signing failed: invalid format
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -4
debug1: identity_sign: sshkey_sign: invalid format
sign_and_send_pubkey: signing failed for ECDSA-SK "/c/Users/Deker/.ssh/id_ecdsa_sk": invalid format
debug1: Trying private key: /c/Users/Deker/.ssh/id_ed25519
debug1: Trying private key: /c/Users/Deker/.ssh/id_ed25519_sk
debug1: Trying private key: /c/Users/Deker/.ssh/id_xmss
debug2: we did not send a packet, disable method
debug1: Next authentication method: password
deker@10.10.1.222's password:

Any thoughts or additional help are greatly appreciated.

[tavrez]

Your first run shows that ssh found your key, but when it's tried to communicate with it, it got no answer, something must be wrong with the key or it's softwares(driver, configuration,...)

debug1: find_device: found key
debug1: ssh_sk_sign: fido_dev_get_assert: FIDO_ERR_ACTION_TIMEOUT

Could you please tell me:

1. When you test FIDO in your browser, what will happen? If it's working at all, and if it's working, how the authentication dialog look like, is it like the one I provided in gif in readme, or it look likes something else (for example go to Yubikey FIDO Demo site)
2. Have you changed any option for your yubikey in YubiKey Manager app? Disabling U2F and/or FIDO2

I'm working on a new release for OpenSSH 8.3 which doesn't need modified ssh-sk-helper, I'll add more debug information to module to see what is wrong with your configs

[tavrez]

I just remembered another thing:
Did you use no-touch-required option when you tried to generate your key? This can lead to problems
Edit: nvm, checked your flags, it’s not the case

[rdeker]

Reza,

1. The FIDO/U2F test from Firefox on a Win10 VM works fine.
2. No. I'm using the defaults in the YubiKey for FIDO/U2F. I do also have a cert loaded into the PIV app for another project, but that shouldn't be an issue, correct? Also, you are correct, I did not use the no-touch-required option.

[jschwina]

I seem to be having the same or a similar issue. With the current version (1.0 RC), I get an error when I try to use or generate a key:

init_winhello: WinHello API Error: Version=2, Is user available=0, user=0

I'm on 20H1, I can use FIDO from a browser (I've tried Firefox, Chrome, and Edge) without any issue, and I did not use the no-touch-required option when trying to generate a key. I've also tried two different FIDO2 keys with the same result.

[tavrez]

@rdeker firefox has two implementation for accessing fido keys, can you show me the screenshot of your browser when web application ask for the key? Or just confirm it's same as the one I posted in README file.
also, version 1.0 is availble for OpenSSH 8.3, it has more debug output.

[tavrez]

@jschwina Can you also post screenshot of your browser when it's asking for key?
And please, could you tell me if internal implementation of OpenSSH for FIDO keys are working for you? (with administrator privileges)

[jschwina]

Sure, it's the Windows Hello implementation:

And yes, the internal implementation of OpenSSH for FIDO keys works fine with administrator privileges.

[JohnVillalovos]

No idea if useful but Yubico has a Python implementation of interacting with the U2F key in Windows:

https://github.com/Yubico/python-fido2/blob/master/fido2/client.py#L647-L752

https://github.com/Yubico/python-fido2

Under Windows 10 (1903 or later) access to FIDO devices is restricted and requires running as Administrator. This library can still be used when running as non-administrator, via the fido.client.WindowsClient class. An example of this is included in the file examples/credential.py.

[tavrez]

It is not so different with what I did, my code is inspired by Google Chrome and Firefox source code. When this module is not working and browsers are working at the same time, there most be some settings preventing this module from accessing WinHello platform(maybe because of being an unsigned app)
Since I cannot reproduce the issue I’m gonna release a version and remove the check which is failing to see if users with problem can use it or not.

[JohnVillalovos]

@tavrez Off-topic: Since you know way much more about this than me. Do you know if this could be done in Pageant for something like PuTTY? Can the ssh-agent do all the work and the ssh client not need to be modified? I'm guessing no, but was hopeful it might be a yes and then could create an ssh agent that could work with PuTTY, or in my case MobaXterm. Thanks!

[tavrez]

@rdeker @jschwina Please test version 1.0.1 report to me, thank you.

[tavrez]

@tavrez Off-topic: Since you know way much more about this than me. Do you know if this could be done in Pageant for something like PuTTY? Can the ssh-agent do all the work and the ssh client not need to be modified? I'm guessing no, but was hopeful it might be a yes and then could create an ssh agent that could work with PuTTY, or in my case MobaXterm. Thanks!

Some part of working with FIDO keys implemented inside ssh client and server, they need to know how to handle new key types(ecdsa-sk and ed25519-sk). Signing and verification process of these two keys are different with normal ecdsa and ed25519 so it can't be done using agent alone.
PuTTY should implement these keys first.

[jschwina]

@rdeker @jschwina Please test version 1.0.1 report to me, thank you.

1.0.1 is working fine for me. Log output is as follows:

init_winhello: WARNING! This should not be like this!
WinHello API Error: Version=2, Is user available=0, user=0