SSH Key type `ed25519-sk` (and `ecdsa-sk`)

Today I noticed by coincidence that `ssh-keygen` (in recent versions, e.g. the one available on Fedora Silverblue 34) has ed25519-sk (and ecdsa-sk) key types (`-t`).
Never having seen these before, I wondered what they were for…
It is explained e.g. on https://security.stackexchange.com/questions/240991/what-is-the-sk-ending-for-ssh-key-types, and in the chapter “FIDO/U2F Support” on https://www.openssh.com/txt/release-8.2.
This is very nice, as it greatly simplifies the overly complicated old way of using gpg-agent to SSH with a YubiKey.
I tried generating such a new type of SSH key with my YubiKey. At first it failed:
```console
$ ssh-keygen -t ed25519-sk -O resident
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Key enrollment failed: requested feature not supported
```
This is apparently because the firmware on the particular YubiKey I had tested this with was too old. But using the other key type worked, even though it is less secure and ed25519-sk is ideally recommended (if you have a newer YubiKey):
```console
$ ssh-keygen -t ecdsa-sk -O resident
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter file in which to save the key (/var/home/vorburger/.ssh/id_ecdsa_sk):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /var/home/vorburger/.ssh/id_ecdsa_sk
Your public key has been saved in /var/home/vorburger/.ssh/id_ecdsa_sk.pub
The key fingerprint is: SHA256:nwf4+ba...VM vorburger@silverblue
The key's randomart image is:
+-[ECDSA-SK 256]--+
(...)
+----[SHA256]-----+
```
Copying the generated `.ssh/id_ecdsa_sk.pub` (which starts with `sk-ecdsa-sha2-nistp256@openssh.com`) to another machine let me SSH to it, with the usual touch operation on the YubiKey to confirm.
The ecdsa-sk keys only have a 192 key length, which according to e.g. this or this is too short; this also recommends against ECDSA in general.
These keys also work on GitHub! (Since May 2021, see Yubico’s announcement, GitHub’s blog, GitHub’s doc.)
On ChromeOS this unfortunately does not work yet.
These SSH keys are “resident” (`-O resident`) on the security key (SK). The SSH agent will offer their public keys to all servers when connecting.
If you generate several test keys, some servers may reject connections with: “Received disconnect from 192.168.122.72 port 22:2: Too many authentication failures”
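One way to avoid that disconnect, as an added example that is not from the original post: an `~/.ssh/config` entry that makes ssh offer only the one -sk key to a given host, instead of every key the agent holds. The host alias and user name are assumptions; the address is the one from the error message above.

```sshconfig
# Pin a single FIDO-backed identity for this host. With IdentitiesOnly,
# ssh tries only the IdentityFile(s) listed here (and those same keys if
# they are loaded in the agent), so it no longer burns the server's
# MaxAuthTries budget on unrelated keys before reaching the right one.
# Host alias and User are hypothetical; HostName is from the page.
Host yubikey-test-server
    HostName 192.168.122.72
    User vorburger
    IdentityFile ~/.ssh/id_ecdsa_sk
    IdentitiesOnly yes
```

The same effect for a one-off connection is `ssh -o IdentitiesOnly=yes -i ~/.ssh/id_ecdsa_sk user@host`.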
You can delete such SSH keys from the YubiKey again using `ykman fido credentials list` and `ykman fido credentials delete ...`. Beware that this needs a PIN, which may be blocked:
```console
$ ykman fido info
AAGUID: ...
PIN: Blocked
Minimum PIN length: 4
```
In that case, you would have to `ykman fido reset`, but this will also wipe all FIDO2 and U2F applications, including 2FA for websites.
PS: Handles of SSH keys from the PGP (GPG) module on the YubiKey are stored in `~/.gnupg/sshcontrol`, but that’s unrelated to this.