Comments (4)
UPDATE :
After enable WSL version 2 (wsl --set-version debian 2) i can finally generate an ecdsa-sk keypair :) !
Unfortunatly i still can't generate ed25519-sk keypair. I don't know if it's possible with windows-fido-bridge as you didn't put an exemple in the readme.
Maybe it can be useful to precise that.
There is the output when i try to generate ed25519-sk :
WINDOWS_FIDO_BRIDGE_DEBUG=true SSH_SK_PROVIDER=libwindowsfidobridge.so ssh-keygen -t ed25
519-sk -v
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_enroll: provider "libwindowsfidobridge.so", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: sshsk_open: provider libwindowsfidobridge.so implements version 0x00070000
[2020-11-22 13:23:25.965] [wfb-middleware] [debug] Parameters from OpenSSH:
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] Algorithm: 1
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] Challenge:
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] | 0 1 2 3 4 5 6 7 8 9 a b c d e f
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] | 0000: ...
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] | 0010: ...
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] Application: "ssh:"
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] Flags: 0b00000001
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] PIN: (not present)
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] Options:
[2020-11-22 13:23:25.966] [wfb-middleware] [debug] (No options provided)
debug1: sshsk_enroll: provider "libwindowsfidobridge.so" returned failure -2
debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -59
Key enrollment failed: requested feature not supported
from windows-fido-bridge.
Glad you were able to get it working! I personally use WSL2 exclusively, so I'm not terribly surprised it doesn't work on WSL1. That said, I can set up a WSL1 distro and see if I can get a repro; if it's a simple fix, I've no problem supporting it.
And yeah, unfortunately, of the algorithms supported by OpenSSH, Microsoft's WebAuthn API only supports ECDSA: https://github.com/microsoft/webauthn/blob/master/webauthn.h#L161. I can add a note mentioning that in the README and print a message if one attempts to use it.
I'll reopen this for now to remind myself to take a look sometime over the next few days.
from windows-fido-bridge.
Hmm, I tried making a WSL1 Debian bullseye installation and it worked with no problems using the current latest windows-fido-bridge from apt.mgbowen.dev. Unfortunately, I don't have much more to go on without better debug logging, which is on my todo list.
from windows-fido-bridge.
Added explicit logging about ed25519-sk being unsupported and updated the README with info about the same in this commit.
I'll go ahead and close this now. If you have any issues in the future, please feel free to open another!
from windows-fido-bridge.
Related Issues (20)
- signing failed for ECDSA-SK: invalid format HOT 2
- Ed25519 Support HOT 5
- Create a new release HOT 2
- fatal error: span: No such file or directory HOT 4
- Cmake compile options SK_API_VERSION syntax HOT 2
- Resident Keys Support? HOT 7
- Support tunneling over remote desktop
- Windows Hello support HOT 1
- Using the bridge on Windows 11 is slow HOT 3
- FIDO fails when requests to confirm on ssh, but works fine for ssh-keygen HOT 1
- Provider "libwindowsfidobridge.so" dlopen failed: Exec format error HOT 1
- Not being prompted to enter pin to connect to a remote ssh server
- implements unsupported version 0x00070000 (supported: 0x00090000) HOT 11
- Missing dependencies on WSL based on ubuntu HOT 1
- Doesn't work anymore after upgrading WSL to 22.04 HOT 1
- [Feature Request] Support OpenSSH 9.1 HOT 1
- Strip debug data from dll
- Cannot do ssh signing HOT 1
- signing failed for ECDSA-SK - requested feature not supported HOT 1
- Failed to parse attestation object HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from windows-fido-bridge.