If this fails also with -t ecdsa, try and using a plugin for OpenSSH to connect to FIDO/U2F security keys through native Windows Hello APIs might help. Your error message looks like a bug in progress on Debian: " issue 980393: /usr/bin/ssh-keygen -t ecdsa-sk fails with "Key enrollment failed: invalid format"".Īnd it is still being reported this month. fatal: Could not read from remote repository. So: it is true Security keys are now supported for SSH Git operations, as announced early this month (May 2021) on GitHub, but, as discussed here, there are still issues. i have an ssh key for my github account, i have the key's content in the settings of my account and the key's file on my machine.but whenever i try to push something to a repo that i own (basically i'm authorized to) i get this: : Permission denied (publickey).
Or: How do I install libfido2 if this is the problem? So my question: how do I manage to use my Yubikey instead of my local key?
Now I also read something about libfido2, however I can’t find any instructions on how to use it on Windows 10.
I have already successfully stored an OpenPGP certificate on the Yubikey.) The attempt with ecdsa-sk leads to the same result. The interesting thing: The message looks exactly the same, whether I have inserted the Yubikey or not does not matter. You may need to touch your authenticator to authorize key generation.īefore that, I am prompted to enter the PIN. Generating public/private ed25519-sk key pair. this one ) lead to the same error message for me: $ ssh-keygen -t ed25519-sk -C " " Now I would like to use the Yubikey instead of the certificate stored locally on the computer. In the meantime I managed to connect to the server with Git Bash and SSH using a locally generated SSH certificate. This is used by /etc/rc to generate new host keys. Unfortunately, the documentation here assumes a lot of prior knowledge and I am an absolute beginner on the subject. A: For each of the key types (rsa1, rsa, dsa, ecdsa and ed25519) for which host keys do not exist, generate the host keys with the default key file path, an empty passphrase, default bits for the key type, and default comment.
I then decided to deal with it on Windows 10 via Git Bash and SSH. After buying a Yubikey 5 NFC for technical interest (firmware 5.2.7) and setting up FIDO2 authentication where possible, I ran into the problem that I could no longer connect to my GitLab server via SmartGit because the second factor is not requested and therefore I can’t connect to the server.