Not working, Windows 11

[desultory-zz]

I'm not sure what I'm doing wrong here, I've added the path to my ssh config and added the environment variable and it still doesn't seem to be working:

C:\Windows\System32>ssh-keygen -t  ecdsa-sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: unknown or unsupported key type

C:\Windows\System32>echo %SSH_SK_PROVIDER%
C:\Users\desu\bin\winhello.dll

C:\Windows\System32>type C:\Users\desu\.ssh\config
PKCS11Provider "C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll"
SecurityKeyProvider "C:\Users\desu\bin\winhello.dll"
C:\Windows\System32>

[tavrez]

Windows version of OpenSSH is not configured to support security keys, you have to get git for windows, msys, or newer version of Windows OpenSSH to use security keys

[desultory-zz]

Windows version of OpenSSH is not configured to support security keys, you have to get git for windows, msys, or newer version of Windows OpenSSH to use security keys

where do I obtain this newer version?

---

I'd prefer to use utilities that are standard/portable as possible. It's my understanding that there are some changes coming to the windows openssh agent that makes it support security keys better? Same with gpg?

[tavrez]

https://github.com/PowerShell/Win32-OpenSSH/releases

…

On Tue, Oct 18, 2022 at 3:32 AM Zen ***@***.***> wrote: Windows version of OpenSSH is not configured to support security keys, you have to get git for windows, msys, or newer version of Windows OpenSSH to use security keys where do I obtain this newer version? — Reply to this email directly, view it on GitHub <#17 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ACFM2DPJDKTA5VOL6GRFXHTWDXSIPANCNFSM6AAAAAARHDI22Q> . You are receiving this because you commented.Message ID: ***@***.***>

[tavrez]

It's my understanding that there are some changes coming to the windows openssh agent that makes it support security keys better?

Well, not better, they just added support for FIDO keys in their newer versions

[desultory-zz]

https://github.com/PowerShell/Win32-OpenSSH/releases
…
On Tue, Oct 18, 2022 at 3:32 AM Zen @.> wrote: Windows version of OpenSSH is not configured to support security keys, you have to get git for windows, msys, or newer version of Windows OpenSSH to use security keys where do I obtain this newer version? — Reply to this email directly, view it on GitHub <#17 (comment)>, or unsubscribe https://github.com/notifications/unsubscribe-auth/ACFM2DPJDKTA5VOL6GRFXHTWDXSIPANCNFSM6AAAAAARHDI22Q . You are receiving this because you commented.Message ID: @.>

Thanks for that info, but the last release looks like it was from march. I considered trying to compile it but have little experience building software for/on Windows so I may just wait for it to hit the binary release on windows unless it's easier than I think

Oh, I see that old release does support it, I thought it was a more recent development, I think I'll try that. thanks

[desultory-zz]

I'll note that to use this, you need to uninstall the windows component openssh because it lives in system32 and a reboot is required for this to complete

[desultory-zz]

new errors...

c:\Program Files\OpenSSH>ssh-keygen -t ecdsa-sk -O resident -O application=ssh:yubi -O verify-required -vv
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug1: find_helper: using "c:\\Program Files\\OpenSSH\\ssh-sk-helper.exe" as helper
debug1: client_converse: helper returned error -4
Key enrollment failed: invalid format

c:\Program Files\OpenSSH>ssh -V
OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3

c:\Program Files\OpenSSH>