Cannot Generate U2F Public/Private Keypair for ssh : FIDO_ERR_RX

I am currently having trouble generating a U2F public/private key pair in the terminal with the following command:

ssh-keygen -t ecdsa-sk -vv

Running this command gives the following error:

Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug1: start_helper: starting /usr/local/Cellar/openssh/8.3p1/libexec/ssh-sk-helper
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: ssh_sk_enroll: using device IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/XHC1@14/XHC1@14000000/HS07@14200000/Yubikey 4 OTP+U2F+CCID@14200000/IOUSBHostInterface@1/AppleUserUSBHostHIDDevice
debug1: ssh_sk_enroll: fido_dev_make_cred: FIDO_ERR_RX
debug1: sshsk_enroll: provider "internal" returned failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: ssh-sk-helper: reply len 8
debug1: client_converse: helper returned error -4
Key enrollment failed: invalid format

I am running macOS, and the latest version of OpenSSH has been updated to:

OpenSSH_8.3p1, OpenSSL 1.1.1g 21 Apr 2020

My current libfido2 version is: 1.4.0, installed via Homebrew.

My Yubikey model is: Yubikey C Nano FIPS

My Yubikey firmware is: 4.4.5

Does anyone know the root cause of this error? Does the Yubikey FIPS series not support this command?

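It appears the cause of this problem was that an admin password had been set on the U2F function before I received the Yubikey from work. You cannot generate a U2F ecdsa-sk public/private key pair with an admin password set.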
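
As an added example (not part of the original post), the Python below extracts the failure chain from `ssh-keygen -vv` output like the one quoted in the question, so that the libfido2 error is reported rather than the generic "invalid format" message. The function names, the flag labels and the macOS IOService path heuristic are assumptions of this example; the log by itself does not reveal the admin password mentioned in the answer.

```python
import re

# Debug lines copied from the ssh-keygen -vv output quoted in the question.
SAMPLE_LOG = '''debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: ssh_sk_enroll: using device IOService:/AppleACPIPlatformExpert/PCI0@0/AppleACPIPCI/XHC1@14/XHC1@14000000/HS07@14200000/Yubikey 4 OTP+U2F+CCID@14200000/IOUSBHostInterface@1/AppleUserUSBHostHIDDevice
debug1: ssh_sk_enroll: fido_dev_make_cred: FIDO_ERR_RX
debug1: sshsk_enroll: provider "internal" returned failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
Key enrollment failed: invalid format
'''

# Enrollment flag bits from OpenSSH's sk-api.h (labels are this example's own).
SK_FLAGS = {0x01: "user-presence-required",
            0x04: "user-verification-required",
            0x20: "resident-key"}

PATTERNS = {
    "provider": r'sshsk_enroll: provider "([^"]*)", device',
    "application": r'sshsk_enroll: .*application "([^"]*)"',
    "flags": r'sshsk_enroll: .*flags (0x[0-9a-fA-F]+)',
    "device_path": r'ssh_sk_enroll: using device (.+)',
    "fido_call": r'ssh_sk_enroll: (fido_\w+): FIDO_ERR_\w+',
    "fido_error": r'ssh_sk_enroll: fido_\w+: (FIDO_ERR_\w+)',
    "provider_rc": r'returned failure (-?\d+)',
    "surface_error": r'^Key enrollment failed: (.+)$',
}

def triage(log):
    """Extract the enrollment failure chain from ssh-keygen -vv output."""
    out = {"product": None}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, log, re.MULTILINE)
        out[name] = m.group(1).strip() if m else None
    if out["flags"]:
        bits = int(out["flags"], 16)
        out["flags"] = [label for bit, label in SK_FLAGS.items() if bits & bit]
    if out["device_path"]:
        # Assumption: on macOS the USB product name is the IOService node
        # directly above IOUSBHostInterface.
        m = re.search(r'/([^/@]+)@[0-9a-fA-F]+/IOUSBHostInterface', out["device_path"])
        out["product"] = m.group(1) if m else None
    return out

def root_error(report):
    """Prefer the libfido2 call and error over ssh-keygen's final message."""
    if report["fido_error"]:
        return f'{report["fido_call"]}: {report["fido_error"]}'
    return report["surface_error"]

if __name__ == "__main__":
    print(root_error(triage(SAMPLE_LOG)))
```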