FYI, there is now an open issue for this with the openssh project at https://bugzilla.mindrot.org/show_bug.cgi?id=3188. David On 6/24/20 8:22 AM, İsmail Dönmez wrote:
On 23 Jun 21:38 2020, David Walker wrote:
I've been playing this since 8.3p1 came out in a Tumbleweed snapshot, and it works fine, except when I try to add a second Yubikey. My first key (a Yubikey 5c Nano) was set up with "ssh-keygen -t ecdsa-sk" using the default key files (~/.ssh/id_ecdsa_sk*), but when I try to do the same for a second key (a Yubikey 5 NFC, using USB), the light doesn't flash on the Yubikey when I'm prompted to press the Yubikey's button, so I'm not prompted for where to store the new key pair. If I press its button, ssh-keygen complains about a bad format, and gnome-terminal echos what looks like an OTP string from the Yubikey.
After this happens, the first key will not work for ssh authentication for a while (a few hours to a couple of days), even if I reboot the system. Both keys continue t work with a browser (Vivaldi), though.
Any ideas of how to diagnose what's going on? Should I submit a bug report? Is this better reported to the openssh project? This would be better reported to https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev indeed. Most of us lack the hardware to do any useful testing for now.
Regards, ismail