You are not logged in.
- Topics: Active | Unanswered
#1 2022-03-02 07:31:58
- Spider.007
- Member
- Registered: 2004-06-20
- Posts: 1,175
openssh 8.9p1 breaks yubikey client authentication
after upgrading to openssh 8.9p1-1 my ssh client is no longer able to authenticate using my yubikey. This used to work fine through gpg-agent. It fails saying:
sign_and_send_pubkey: signing failed for ED25519 "cardno:xxx" from agent: agent refused operationand gpg-agent logs:
scdaemon[xxx]: app_auth failed: Invalid value
smartcard signing failed: Invalid value
ssh sign request failed: Invalid value <SCD>I think this might be caused by https://www.openssh.com/agent-restrict.html but I'm not sure it's supposed to break existing setups
Offline
#2 2022-03-13 17:43:51
- ssr
- Member
- Registered: 2022-03-13
- Posts: 5
Re: openssh 8.9p1 breaks yubikey client authentication
Same here, but some servers can connect and some can't. I don't know how to do a detailed test.
Offline
#3 2022-04-09 20:41:10
- heftig
- Developer
- From: Germany
- Registered: 2010-04-19
- Posts: 159
Re: openssh 8.9p1 breaks yubikey client authentication
This got worse with 9.0, see https://bugs.archlinux.org/task/74423.
Adding
KexAlgorithms -sntrup761x25519-sha512@openssh.comto ssh_config works around it for me.
Offline