Support for ED25519-SK keys #127
Comments
|
pssh invokes |
|
Yes it works when I use "ssh target_host". I think the issue is that ED25519-SK requires talking to a secure-key such as yubikey. Maybe pssh skips talking to the secure-key. The certificate is "no-touch-required" and "no-touch-required" is set in authorized_keys it shouldn't be anything relating to requiring the secure key to be touched. |
|
What if you comment out this line: Line 88 in d4909c9 |
|
I don't think that will help. I have figured out that if I set "-p 1" it works as hosts are connected to sequentially however it drastically increases the amount of time as host needs to finish before connecting to the next one. I think the issue is that when establishing in parallel each host requests for the ssh key to be signed by the secure-USB however each new request cancels the previous request before the USB has time to finish processing it. |
|
It doesn't have some kind of lock to coordinate parallel requests? |
|
Not that I know of. I'm using the Yubikey 5 nano. |
It seems there is no support for ED25519-SK Keys.
When using ED25519-SK keys pssh responds with "Exited with error code 255
Stderr: sign_and_send_pubkey: signing failed for ED25519-SK "/home/user/.ssh/id_ed25519_sk": invalid format
pssh error: SSH requested a password. Please create SSH keys or use
the -A option to provide a password."
Is there any chance that ED25519-SK key format support will be available in the future as this would be more secure?
The text was updated successfully, but these errors were encountered: