Hello,
I’m trying to setup my onlykey as a 2fa device for a new ssh key (as in OpenSSH | Docs), but I always get a “Key enrollment failed: invalid format” error immediately.
Moreover, my onlykey doesn’t even blink - it stays green all the time.
$ ssh-keygen -t ecdsa-sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: invalid format
gerlos@lithium:~$ ssh-keygen -t ed25519-sk
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: invalid format
What can I do? I’m on Ubuntu 22.04, with openssh 8.9, onlykey 3.0.4, desktop app 5.5 (installed from deb package).
Thanks in advance,
Gerlos
PS Not sure if it helps, here’s the verbose output from ssh-keygen:
$ ssh-keygen -vvvv -t ecdsa-sk
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
debug3: start_helper: started pid=17507
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x01, challenge len 0
debug1: sshsk_enroll: using random challenge
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_enroll: using device /dev/hidraw6
debug1: ssh_sk_enroll: fido_dev_make_cred: FIDO_ERR_PIN_BLOCKED
debug1: sshsk_enroll: provider "internal" failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: main: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=17507
Key enrollment failed: invalid format