SSH - 2FA (ecdsa-sk) - Yubikey - Not working

[crypt0rr]

Situation:

Private key encrypted with Yubikey as 2-factor solution (ssh-keygen -t ecdsa-sk -f ~/.ssh/id_ecdsa_sk). So steps will be;

1. SSH to server
2. Fill in private key passphrase
3. Physically touch Yubikey

Example auth flow from CLI:

$ ssh [email protected]
Enter passphrase for key 'private': 
Confirm user presence for key ECDSA-SK SHA256:X7I[...SNIP...]TF0
Last login: Thu Oct 28 14:40:56 2021 from 10.0.1.10
[email protected]:~$

Situation when using Tabby 'Profiles & connections'. Asks passphrase for the private key, but keeps asking it over and over, not asking for the second factor Yubikey needed.

SSH  Connecting to 10.0.0.1
SSH  Host key fingerprint:
SSH  SHA256  e545[...SNIP...]ee876 
SSH  Loading private key
SSH   X  Could not read the private key file
SSH   X  KeyParseError: Failed to parse (unnamed) as a valid auto format key: Unknown algorithm [email protected]
X  All configured authentication methods failed

Please have a look at this, would be cool if it works like a charm!

[Eugeny]

There's no support for -sk keys / Yubikey at the moment unfortunately.

[BearTS]

so uh i have a ppk ssh private key using the encryption type RSA 2048 without any passphrase Tabby asks for key passphrase What is the catch here? Termius works totally fine

[markft]

Same issue. Tested a rsa key with a passphrase and it works, same without a passphrase and Tabby still prompts for the passphrase. No way to get around the prompt.

[mnixry]

Same issue here.

After checked the code, I think this bug may be caused by upstream package ssh2 which lacks the -sk keys support. We may need to create a new issue in the package's repository to let the author know the necessity to support -sk private key.