Unable to use PIV Attestation on Windows

I’ve had my yubikey 5c for a while, working great on my MacBook Air M1.

I just got a Microsoft Surface Pro 11 with the new snapdragon arm64 cpu.

So I download yubico-piv-tool and build it, linking towards openssl.

I use the ssh client from windows (which is linked against libressl if that matters) and try to connect to my server with:
ssh -I C:Usersiveqyliblibykcs11.dll myServer-v

This just fails with:

OpenSSH_for_Windows_9.5.p1, LibreSSL 3.8.2
debug1: Reading configuration data C:\Users\iveqy/.ssh/config
debug1: C:\Users\iveqy/.ssh/config line 1: Applying options for myServer
debug1: Connecting to myServer [XX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: provider C:\Users\iveqy\lib\libykcs11.dll: manufacturerID <Yubico (www.yubico.com)> cryptokiVersion 2.40 libraryDescription <PKCS#11 PIV Library (SP-800-73)> libraryVersion 2.52
debug1: provider C:\Users\iveqy\lib\libykcs11.dll slot 0: label <YubiKey PIV #16932921> manufacturerID <Yubico (www.yubico.com)> model <YubiKey YK5> serial <16932921> flags 0x40d
debug1: have 1 keys
debug1: pkcs11_k11_free: parent 00000269B018C0F0 ptr 00000269B01BF9E0 idx 1
debug1: pkcs11_provider_unref: provider "C:\Users\iveqy\lib\libykcs11.dll" refcount 2
debug1: identity file C:\Users\iveqy/.ssh/id_rsa type -1
debug1: identity file C:\Users\iveqy/.ssh/id_rsa-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519 type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519_sk type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_xmss type -1
debug1: identity file C:\Users\iveqy/.ssh/id_xmss-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_dsa type -1
debug1: identity file C:\Users\iveqy/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6p1 Ubuntu-4ubuntu0.7
debug1: compat_banner: match: OpenSSH_7.6p1 Ubuntu-4ubuntu0.7 pat OpenSSH_7.0*,OpenSSH_7.1*,OpenSSH_7.2*,OpenSSH_7.3*,OpenSSH_7.5*,OpenSSH_7.6*,OpenSSH_7.7* compat 0x04000002
debug1: Authenticating to myServer:22 as 'iveqy'
debug1: load_hostkeys: fopen C:\Users\iveqy/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:X4uc/yncys1lBSUdrlF++Yh7wnr61FoYp5WRJpQReQg
debug1: load_hostkeys: fopen C:\Users\iveqy/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts2: No such file or directory
debug1: Host 'dahut.tech' is known and matches the ED25519 host key.
debug1: Found key in C:\Users\iveqy/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_rsa
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ecdsa
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ed25519
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_xmss
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey
debug1: Next authentication method: publickey
debug1: Trying private key: C:\Users\iveqy/.ssh/id_rsa
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ed25519
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ed25519_sk
debug1: Trying private key: C:\Users\iveqy/.ssh/id_xmss
debug1: Trying private key: C:\Users\iveqy/.ssh/id_dsa
debug1: No more authentication methods to try.
[email protected]: Permission denied (publickey).

So I do a key export with ssh-keygen. Get a new public key (which I don’t understand why) and add that to authorized_keys on my server. Then I try again. This time I get to enter my pin code but still no success in loggin in.

PS C:Usersiveqysrcopenssh-portable> ssh -I C:Usersiveqyliblibykcs11.dll myServer -v
OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2
debug1: Reading configuration data C:\Users\iveqy/.ssh/config
debug1: C:\Users\iveqy/.ssh/config line 6: Applying options for myServer
debug1: Connecting to 31.208.38.86 [XX.XX.XX.XX] port 22.
debug1: Connection established.
debug1: provider C:\Users\iveqy\lib\libykcs11.dll: manufacturerID <Yubico (www.yubico.com)> cryptokiVersion 2.40 libraryDescription <PKCS#11 PIV Library (SP-800-73)> libraryVersion 2.52
debug1: provider C:\Users\iveqy\lib\libykcs11.dll slot 0: label <YubiKey PIV #16932921> manufacturerID <Yubico (www.yubico.com)> model <YubiKey YK5> serial <16932921> flags 0x40d
debug1: have 1 keys
debug1: pkcs11_k11_free: parent 000001C1B018C230 ptr 000001C1B01BF740 idx 1
debug1: pkcs11_provider_unref: provider "C:\Users\iveqy\lib\libykcs11.dll" refcount 2
debug1: identity file C:\Users\iveqy/.ssh/id_rsa type -1
debug1: identity file C:\Users\iveqy/.ssh/id_rsa-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519 type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519_sk type -1
debug1: identity file C:\Users\iveqy/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_xmss type -1
debug1: identity file C:\Users\iveqy/.ssh/id_xmss-cert type -1
debug1: identity file C:\Users\iveqy/.ssh/id_dsa type -1
debug1: identity file C:\Users\iveqy/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_9.5
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.9p1 Debian-10+deb10u2
debug1: compat_banner: match: OpenSSH_7.9p1 Debian-10+deb10u2 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 31.208.38.86:2255 as 'iveqy'
debug1: load_hostkeys: fopen C:\Users\iveqy/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: [email protected] MAC: <implicit> compression: none
debug1: kex: client->server cipher: [email protected] MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:p17Mv39287EYUF0vySYjynh9GrFT2iaVipBf0vVdR1c
debug1: load_hostkeys: fopen C:\Users\iveqy/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\ssh/ssh_known_hosts2: No such file or directory
debug1: Host '[31.208.38.86]:2255' is known and matches the ED25519 host key.
debug1: Found key in C:\Users\iveqy/.ssh/known_hosts:3
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: get_agent_identities: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: Public key for PIV Attestation RSA SHA256:IVuYB+R5NGoEnf0HNysTj/4rZG+D+91Bd9+h6OnmEtI token
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_rsa
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ecdsa
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ed25519
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_xmss
debug1: Will attempt key: C:\Users\iveqy/.ssh/id_dsa
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: Public key for PIV Attestation RSA SHA256:IVuYB+R5NGoEnf0HNysTj/4rZG+D+91Bd9+h6OnmEtI token
debug1: Server accepts key: Public key for PIV Attestation RSA SHA256:IVuYB+R5NGoEnf0HNysTj/4rZG+D+91Bd9+h6OnmEtI token
Enter PIN for 'YubiKey PIV #16932921':
debug1: C_FindObjects failed (nfound 0 nattr 3): 0
debug1: pkcs11_check_obj_bool_attrib: provider "C:\Users\iveqy\lib\libykcs11.dll" slot 0 object 110: attrib 514 = 0
C_Sign failed: 7
debug1: identity_sign: sshkey_sign: error in libcrypto
sign_and_send_pubkey: signing failed for RSA "Public key for PIV Attestation": error in libcrypto
debug1: pkcs11_k11_free: parent 000001C1B018CF50 ptr 0000000000000000 idx 1
debug1: Trying private key: C:\Users\iveqy/.ssh/id_rsa
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ecdsa
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ed25519
debug1: Trying private key: C:\Users\iveqy/.ssh/id_ed25519_sk
debug1: Trying private key: C:\Users\iveqy/.ssh/id_xmss
debug1: Trying private key: C:\Users\iveqy/.ssh/id_dsa
debug1: Next authentication method: password
[email protected]'s password:

  • windows
  • openssl
  • yubico
  • yubikey
  • windows-arm64

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa Dịch vụ tổ chức sự kiện 5 sao Thông tin về chúng tôi Dịch vụ sinh nhật bé trai Dịch vụ sinh nhật bé gái Sự kiện trọn gói Các tiết mục giải trí Dịch vụ bổ trợ Tiệc cưới sang trọng Dịch vụ khai trương Tư vấn tổ chức sự kiện Hình ảnh sự kiện Cập nhật tin tức Liên hệ ngay Thuê chú hề chuyên nghiệp Tiệc tất niên cho công ty Trang trí tiệc cuối năm Tiệc tất niên độc đáo Sinh nhật bé Hải Đăng Sinh nhật đáng yêu bé Khánh Vân Sinh nhật sang trọng Bích Ngân Tiệc sinh nhật bé Thanh Trang Dịch vụ ông già Noel Xiếc thú vui nhộn Biểu diễn xiếc quay đĩa Dịch vụ tổ chức tiệc uy tín Khám phá dịch vụ của chúng tôi Tiệc sinh nhật cho bé trai Trang trí tiệc cho bé gái Gói sự kiện chuyên nghiệp Chương trình giải trí hấp dẫn Dịch vụ hỗ trợ sự kiện Trang trí tiệc cưới đẹp Khởi đầu thành công với khai trương Chuyên gia tư vấn sự kiện Xem ảnh các sự kiện đẹp Tin mới về sự kiện Kết nối với đội ngũ chuyên gia Chú hề vui nhộn cho tiệc sinh nhật Ý tưởng tiệc cuối năm Tất niên độc đáo Trang trí tiệc hiện đại Tổ chức sinh nhật cho Hải Đăng Sinh nhật độc quyền Khánh Vân Phong cách tiệc Bích Ngân Trang trí tiệc bé Thanh Trang Thuê dịch vụ ông già Noel chuyên nghiệp Xem xiếc khỉ đặc sắc Xiếc quay đĩa thú vị

Filed under: Kiến thức lập trình - @ 22:37

Thẻ:

Trang chủ Giới thiệu Sinh nhật bé trai Sinh nhật bé gái Tổ chức sự kiện Biểu diễn giải trí Dịch vụ khác Trang trí tiệc cưới Tổ chức khai trương Tư vấn dịch vụ Thư viện ảnh Tin tức - sự kiện Liên hệ Chú hề sinh nhật Trang trí YEAR END PARTY công ty Trang trí tất niên cuối năm Trang trí tất niên xu hướng mới nhất Trang trí sinh nhật bé trai Hải Đăng Trang trí sinh nhật bé Khánh Vân Trang trí sinh nhật Bích Ngân Trang trí sinh nhật bé Thanh Trang Thuê ông già Noel phát quà Biểu diễn xiếc khỉ Xiếc quay đĩa
Thiết kế website Thiết kế website Thiết kế website Cách kháng tài khoản quảng cáo Mua bán Fanpage Facebook Dịch vụ SEO Tổ chức sinh nhật