Using Mountain Duck with MFA (Yubikey)

[mv-b1ai]

I am trying to setup a SSH connection to a machine, which uses a Yubikey as second factor. When Setting up my connection

• ip
• proper ssh key
• username & password

i get an error "Don't know how to decode key:unknown"
any way to setup the connection to use the yubikey as a second factor?

Thanks in advance!

[dkocher]

The error seems to indicate we are unable to determine the type of the public host key sent from the server. In general we should support authenticating with public key authentication by retrieving the private key from Yubikey to authenticate reading the IdentityAgent directive from your OpenSSH configuration file in ~/.ssh/config (Documentation pending). If the Yubikey is used to generate one-time passcodes the server should prompt with using a challenge-response authentication which is supported ¹.

Footnotes

1. https://docs.cyberduck.io/protocols/sftp/#one-time-passcodes-2fa ↩

[mv-b1ai]

Is there anything i can do to provide further helpful information? Or do i have to alter something with my setup, to be able to make it work?

[dkocher]

Please provide a debug log.

[mv-b1ai]

i hope this helps, let me know, if i need to do something differently

thats the error i receive, when trying to connect

The connection i have setup works fine if i open it in the terminal via mountain duck, so i believe there are no obvious mistakes there.

Log:

standard	08:46:00.371145+0200	Mountain Duck	[0x6000033ac2d0] activating connection: mach=false listener=false peer=false name=com.apple.TextInputUI.xpc.CursorUIViewService
standard	08:46:00.371752+0200	Mountain Duck	[0x6000033ac2d0] invalidated after the last release of the connection object
standard	08:46:00.374041+0200	Mountain Duck	[0x1261ed370] activating connection: mach=false listener=false peer=false name=(anonymous)
standard	08:46:00.374114+0200	Mountain Duck	[0x158f39ee0] activating connection: mach=false listener=false peer=false name=(anonymous)
standard	08:46:00.396946+0200	Mountain Duck	-[TUINSCursorUIController activate:]_block_invoke: Create CursorUIViewService: TUINSRemoteViewController
standard	08:46:00.397075+0200	Mountain Duck	[0x158f1ce10] invalidated on xpc_connection_cancel()
standard	08:46:00.397099+0200	Mountain Duck	[0x1260bbb10] invalidated on xpc_connection_cancel()
standard	08:46:01.213253+0200	Mountain Duck	nw_path_evaluator_start [xx-xx-xx-xx-xx IPv4#xx:0 generic, attribution: developer]
	path: satisfied (Path is satisfied), interface: ppp0, ipv4, dns
standard	08:46:01.215616+0200	Mountain Duck	container_create_or_lookup_app_group_path_by_app_group_identifier: success
standard	08:46:01.216074+0200	Mountain Duck	container_create_or_lookup_app_group_path_by_app_group_identifier: success
standard	08:46:01.687299+0200	Mountain Duck	order window front conditionally: 9ec related: 0
standard	08:46:01.693146+0200	Mountain Duck	order window front conditionally: 9ec related: 0
standard	08:46:01.693558+0200	Mountain Duck	parent NSPanel 0x1247216f0 (9ec) remove _NSAlertPanel 0x28b19fa10 (a50) from group
standard	08:46:01.693707+0200	Mountain Duck	parent NSPanel 0x1247216f0 (9ec) add _NSAlertPanel 0x28b19fa10 (a50) to group
standard	08:46:01.702485+0200	Mountain Duck	order window: a50 op: 1 relative: 9ec related: 0
standard	08:46:01.970366+0200	Mountain Duck	parent NSPanel 0x1247216f0 (9ec) remove _NSAlertPanel 0x28b19fa10 (a50) from group
standard	08:46:01.970742+0200	Mountain Duck	parent NSPanel 0x1247216f0 (9ec) add _NSAlertPanel 0x28b19fa10 (a50) to group
standard	08:46:01.971054+0200	Mountain Duck	order window: a50 op: 1 relative: 9ec related: 0

[dkocher]

Please attach the output of ssh -v from the Terminal to compare with.

[dkocher]

We do not currently support public key types “ecdsa-sk” and “ed25519-sk".