SSH keygen, Key enrollment failed: requested feature not supported
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| openssh (Ubuntu) |
Invalid
|
Undecided
|
Unassigned | ||
Bug Description
Bug report:
lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 21.10
Release: 21.10
Codename: impish
uname -r
5.13.0-21-generic
Yubikey device: yubikey 5 NFC
ssh -V
OpenSSH_8.4p1 Ubuntu-6ubuntu2, OpenSSL 1.1.1l 24 Aug 2021
Dmesg output:
21.960057] usb 1-3: new full-speed USB device number 4 using xhci_hcd
[ 22.296859] usb 1-3: New USB device found, idVendor=1050, idProduct=0407, bcdDevice= 5.12
[ 22.296869] usb 1-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 22.296873] usb 1-3: Product: YubiKey OTP+FIDO+CCID
[ 22.296876] usb 1-3: Manufacturer: Yubico
[ 22.296879] usb 1-3: SerialNumber: 0009031500
[ 22.331164] input: Yubico YubiKey OTP+FIDO+CCID as /devices/
[ 22.388838] hid-generic 0003:1050:
[ 22.396252] hid-generic 0003:1050:
lsusb -v 2>/dev/null | grep -A2 Yubico | grep "bcdDevice" | awk '{print $2}'
5.12 ( Yubikey firmware )
Tried with the key pin:
ssh-keygen -t ed25519-sk -O resident -vvv
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
debug3: start_helper: started pid=2678
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/lib/
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_enroll: using device /dev/hidraw4
debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to create unprotected resident/
debug1: sshsk_enroll: provider "internal" returned failure -2
debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -59
debug3: reap_helper: pid=2678
Key enrollment failed: requested feature not supported
Tried with touching the key:
$ ssh-keygen -t ed25519-sk -O resident -vvv
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
debug3: start_helper: started pid=2681
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/lib/
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_enroll: using device /dev/hidraw4
debug1: ssh_sk_enroll: /dev/hidraw4 does not support credprot, refusing to create unprotected resident/
debug1: sshsk_enroll: provider "internal" returned failure -2
debug1: ssh-sk-helper: Enrollment failed: requested feature not supported
debug1: ssh-sk-helper: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -59
debug3: reap_helper: pid=2681
Key enrollment failed: requested feature not supported
| description: | updated |
| description: | updated |
| Hveem (krbjhvee) wrote | #1 |
| affects: | gnupg (Ubuntu) → openssh (Ubuntu) |
| Hveem (krbjhvee) wrote | #2 |
| Utkarsh Gupta (utkarsh) wrote | #3 |
| Changed in openssh (Ubuntu): | |
| status: | New → Invalid |
Correction