Re: [opensuse-factory] Re: openssh 8.2
On 6/5/20 6:12 AM, İsmail Dönmez wrote:
On 05 Jun 17:10 2020, Hans Petter Jansson wrote: ...
I've superseded the above request with a libfido2-enabled one. It builds and runs ok, and ldd confirms ssh-sk-helper is linked with libfido2. However I'm unable to test it end-to-end since my Yubikey is too old. Let me know how it goes! Thanks! I don't have any Yubikey, but this was we can get people to test it :-)
Regards, ismail
As it happens, I got a new Yubikey yesterday, so I tried the 1-Click install for openssh 8.3p1 and got: An error occurred while initializing the software repository. Details: https-download.opensuse.org-7f613772: [https-download.opensuse.org-7f613772|https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open...] Valid metadata not found at specified URL History: - [https-download.opensuse.org-7f613772|https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open...] Repository type can't be determined. Is there a prescribed way to install this? David
it got accepted in here https://build.opensuse.org/package/show/network/openssh but is not build yet for 64bit... once green I will test. Alin ---Dr Alin Marin Elenahttp://alin.elena.space ---- On Fri, 05 Jun 2020 20:58:40 +0000 David Walker <David@WalkerStreet.info> wrote ----
On 6/5/20 6:12 AM, İsmail Dönmez wrote:
On 05 Jun 17:10 2020, Hans Petter Jansson wrote: ...
I've superseded the above request with a libfido2-enabled one. It builds and runs ok, and ldd confirms ssh-sk-helper is linked with libfido2. However I'm unable to test it end-to-end since my Yubikey is too old. Let me know how it goes! Thanks! I don't have any Yubikey, but this was we can get people to test it :-)
Regards, ismail
As it happens, I got a new Yubikey yesterday, so I tried the 1-Click install for openssh 8.3p1 and got:
An error occurred while initializing the software repository. Details: https-download.opensuse.org-7f613772: [https-download.opensuse.org-7f613772|https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open...] Valid metadata not found at specified URL History: - [https-download.opensuse.org-7f613772|https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open...] Repository type can't be determined.
Is there a prescribed way to install this?
David
</div> -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
tested... seems to work ecdsa tested with... ---Dr Alin Marin Elenahttp://alin.elena.space ---- On Sat, 06 Jun 2020 09:44:04 +0000 Alin Marin Elena <alin@elena.space> wrote ----
it got accepted in here
https://build.opensuse.org/package/show/network/openssh
but is not build yet for 64bit... once green I will test.
Alin
---Dr Alin Marin Elenahttp://alin.elena.space
---- On Fri, 05 Jun 2020 20:58:40 +0000 David Walker <David@WalkerStreet.info> wrote ----
On 6/5/20 6:12 AM, İsmail Dönmez wrote:
On 05 Jun 17:10 2020, Hans Petter Jansson wrote: ...
I've superseded the above request with a libfido2-enabled one. It builds and runs ok, and ldd confirms ssh-sk-helper is linked with libfido2. However I'm unable to test it end-to-end since my Yubikey is too old. Let me know how it goes! Thanks! I don't have any Yubikey, but this was we can get people to test it :-)
Regards, ismail
As it happens, I got a new Yubikey yesterday, so I tried the 1-Click install for openssh 8.3p1 and got:
An error occurred while initializing the software repository. Details: https-download.opensuse.org-7f613772: [https-download.opensuse.org-7f613772|https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open...] Valid metadata not found at specified URL History: - [https-download.opensuse.org-7f613772|https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open...] Repository type can't be determined.
Is there a prescribed way to install this?
David
</div> -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
</div>
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, 2020-06-05 at 13:58 -0700, David Walker wrote:
As it happens, I got a new Yubikey yesterday, so I tried the 1-Click install for openssh 8.3p1 and got:
An error occurred while initializing the software repository. Details: https-download.opensuse.org-7f613772: [https- download.opensuse.org-7f613772| https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open... ] Valid metadata not found at specified URL History: - [https-download.opensuse.org-7f613772| https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open... ] Repository type can't be determined.
Is there a prescribed way to install this?
The repo wasn't set to publish RPMs. I've turned it on now, so if you try again it should work. If it doesn't, it might be simpler to just wait for the packages to land in Factory. That should be happening very soon. -- Hans Petter
Thanks, Hans Petter. I'll wait for it to show up and then report back if I find anything amiss. David On 6/6/20 5:42 PM, Hans Petter Jansson wrote:
On Fri, 2020-06-05 at 13:58 -0700, David Walker wrote:
As it happens, I got a new Yubikey yesterday, so I tried the 1-Click install for openssh 8.3p1 and got:
An error occurred while initializing the software repository. Details: https-download.opensuse.org-7f613772: [https- download.opensuse.org-7f613772| https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open... ] Valid metadata not found at specified URL History: - [https-download.opensuse.org-7f613772| https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open... ] Repository type can't be determined.
Is there a prescribed way to install this? The repo wasn't set to publish RPMs. I've turned it on now, so if you try again it should work. If it doesn't, it might be simpler to just wait for the packages to land in Factory. That should be happening very soon.
I've been playing this since 8.3p1 came out in a Tumbleweed snapshot, and it works fine, except when I try to add a second Yubikey. My first key (a Yubikey 5c Nano) was set up with "ssh-keygen -t ecdsa-sk" using the default key files (~/.ssh/id_ecdsa_sk*), but when I try to do the same for a second key (a Yubikey 5 NFC, using USB), the light doesn't flash on the Yubikey when I'm prompted to press the Yubikey's button, so I'm not prompted for where to store the new key pair. If I press its button, ssh-keygen complains about a bad format, and gnome-terminal echos what looks like an OTP string from the Yubikey. After this happens, the first key will not work for ssh authentication for a while (a few hours to a couple of days), even if I reboot the system. Both keys continue t work with a browser (Vivaldi), though. Any ideas of how to diagnose what's going on? Should I submit a bug report? Is this better reported to the openssh project? David On 6/6/20 10:21 PM, David Walker wrote:
Thanks, Hans Petter. I'll wait for it to show up and then report back if I find anything amiss.
David
On 6/6/20 5:42 PM, Hans Petter Jansson wrote:
On Fri, 2020-06-05 at 13:58 -0700, David Walker wrote:
As it happens, I got a new Yubikey yesterday, so I tried the 1-Click install for openssh 8.3p1 and got:
An error occurred while initializing the software repository. Details: https-download.opensuse.org-7f613772: [https- download.opensuse.org-7f613772| https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open... ] Valid metadata not found at specified URL History: - [https-download.opensuse.org-7f613772| https://download.opensuse.org/repositories/home:/hpjansson:/openssh-8.3/open... ] Repository type can't be determined.
Is there a prescribed way to install this? The repo wasn't set to publish RPMs. I've turned it on now, so if you try again it should work. If it doesn't, it might be simpler to just wait for the packages to land in Factory. That should be happening very soon.
On 23 Jun 21:38 2020, David Walker wrote:
I've been playing this since 8.3p1 came out in a Tumbleweed snapshot, and it works fine, except when I try to add a second Yubikey. My first key (a Yubikey 5c Nano) was set up with "ssh-keygen -t ecdsa-sk" using the default key files (~/.ssh/id_ecdsa_sk*), but when I try to do the same for a second key (a Yubikey 5 NFC, using USB), the light doesn't flash on the Yubikey when I'm prompted to press the Yubikey's button, so I'm not prompted for where to store the new key pair. If I press its button, ssh-keygen complains about a bad format, and gnome-terminal echos what looks like an OTP string from the Yubikey.
After this happens, the first key will not work for ssh authentication for a while (a few hours to a couple of days), even if I reboot the system. Both keys continue t work with a browser (Vivaldi), though.
Any ideas of how to diagnose what's going on? Should I submit a bug report? Is this better reported to the openssh project?
This would be better reported to https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev indeed. Most of us lack the hardware to do any useful testing for now. Regards, ismail -- „Jenseits von richtig und falsch liegt ein Ort, an dem treffen wir uns.“ - Rūmī SUSE Software Solutions Germany GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany GF: Felix Imendörffer (HRB 36809, AG Nürnberg)
FYI, there is now an open issue for this with the openssh project at https://bugzilla.mindrot.org/show_bug.cgi?id=3188. David On 6/24/20 8:22 AM, İsmail Dönmez wrote:
On 23 Jun 21:38 2020, David Walker wrote:
I've been playing this since 8.3p1 came out in a Tumbleweed snapshot, and it works fine, except when I try to add a second Yubikey. My first key (a Yubikey 5c Nano) was set up with "ssh-keygen -t ecdsa-sk" using the default key files (~/.ssh/id_ecdsa_sk*), but when I try to do the same for a second key (a Yubikey 5 NFC, using USB), the light doesn't flash on the Yubikey when I'm prompted to press the Yubikey's button, so I'm not prompted for where to store the new key pair. If I press its button, ssh-keygen complains about a bad format, and gnome-terminal echos what looks like an OTP string from the Yubikey.
After this happens, the first key will not work for ssh authentication for a while (a few hours to a couple of days), even if I reboot the system. Both keys continue t work with a browser (Vivaldi), though.
Any ideas of how to diagnose what's going on? Should I submit a bug report? Is this better reported to the openssh project? This would be better reported to https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev indeed. Most of us lack the hardware to do any useful testing for now.
Regards, ismail
participants (4)
-
Alin Marin Elena -
David Walker -
Hans Petter Jansson -
İsmail Dönmez