powershell/openssh-portable + FIDO2 build instructions

sshfido2.txt

1. Building

    1.1 Open Windows PowerShell.
    1.2 Create a workspace folder:

    > mkdir workspace

    1.3 Set the WORKSPACE environment variable:

    > $Env:WORKSPACE = 'C:\Users\pedro\workspace\'

    1.4 Set the VS140COMNTOOLS environment variable:

    > $Env:VS140COMNTOOLS = 'C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\Tools\'

    1.5 Clone martelletto/openssh-portable's fido2 branch:

    > git clone --branch fido2 https://github.com/martelletto/openssh-portable

    1.6 Build OpenSSH for Windows:

    > .\openssh-portable\contrib\win32\openssh\OpenSSH-build.ps1

2. Pointing PowerShell to the ssh built in the previous step

    2.1 Prepend PATH:

    > $Env:PATH = "C:\Users\pedro\openssh-portable\OpenSSH-Win64_symbols\;" + $Env:PATH

    2.2 Check ssh's version string:

    > ssh -V
    OpenSSH_for_Windows_8.6p1, LibreSSL 3.3.3

3. Testing key generation

    3.1 Create a ecdsa-sk credential on a security key:

    > ssh-keygen -t ecdsa-sk

    3.2 Configure the ssh public key (C:\Users\pedro\.ssh\id_ecdsa_sk.pub) in GitHub. 

4. Testing standalone ssh in PowerShell

    > ssh git@github.com
    <type enter to force ssh to request a shell>
    Hi martelletto! You've successfully authenticated, but GitHub does not provide shell access.

5. Testing git + ssh in PowerShell

    5.1 Set the GIT_SSH environment variable:

    > $Env:GIT_SSH = 'C:\Users\pedro\openssh-portable\OpenSSH-Win64_symbols\ssh.exe'

    5.2 Clone a repository (can be public) over ssh:

    > git clone ssh://git@github.com/yubico/libfido2

6. Pointing WSL2 to the ssh built in step 1.6

    6.1 Prepend PATH:

    $ export PATH=/mnt/c/Users/pedro/openssh-portable/OpenSSH-Win64_symbols/:$PATH

    6.2 Check ssh's version string:

    $ ssh.exe -V
    OpenSSH_for_Windows_8.6p1, LibreSSL 3.3.3

7. Testing standalone ssh in WSL2

    > ssh.exe git@github.com
    <type enter to force ssh to request a shell>
    Hi martelletto! You've successfully authenticated, but GitHub does not provide shell access.

8. Testing git + ssh in WSL2

    8.1 Set the GIT_SSH environment variable:

    $ export GIT_SSH=/mnt/c/Users/pedro/openssh-portable/OpenSSH-Win64_symbols/ssh.exe

    8.2 Clone a repository (can be public) over ssh:

    $ git clone ssh://git@github.com/yubico/libfido2

Still getting this error:

ssh-keygen -t ecdsa-sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: invalid format

Still getting this error:

ssh-keygen -t ecdsa-sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: invalid format

i was still using administrator account. with the user account it is working.

usage of ssh-add is still not possible with _sk keys, right?

That’s right.

…

On 23 Oct 2021, at 14:26, bierdosenhalter ***@***.***> wrote: ***@***.*** commented on this gist. usage of ssh-add is still not possible with _sk keys, right? — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub, or unsubscribe. Triage notifications on the go with GitHub Mobile for iOS or Android.