Remove Openssh checkpoint from hardware key test plan #56056

Merged: Joerger merged 1 commit into master from joerger/update-hwkey-testplan on Jun 24, 2025
@Joerger Joerger (Contributor) commented Jun 24, 2025

Removes OpenSSH checkpoint as it has never worked.

For context: during hardware key agent testing, I mistakenly thought it solved the issue with Hardware Key support and the OpenSSH client described here. What actually changed is that `tsh proxy ssh` is now able to prompt for PIN through the agent, whereas before you would get the following error:

```
> ssh server01.root.example.com 
Enter your YubiKey PIV PIN:
ERROR: failed to perform warmup signature with hardware private key
	pin cannot be empty

Connection closed by UNKNOWN port 65535
```

If you run the hardware key agent, you can now get one step further, entering the PIN through the agent, but ultimately failing the key exchange:

```
> ssh server01.root.example.com
Load key "/Users/bjoerger/.tsh/keys/root.example.com/dev-ssh/root.example.com-cert.pub": error in libcrypto
bjoerger@server01.root.example.com: Permission denied (publickey).
```

As described in #39339 (comment), we still need a way to inject a Teleport client aware of hardware keys into the key exchange. SSH VNet has been chosen for that job as an alternative.

@github-actions github-actions Bot requested review from greedy52 and mvbrock June 24, 2025 21:30
@Joerger Joerger added the no-changelog Indicates that a PR does not require a changelog entry label Jun 24, 2025
@Joerger Joerger enabled auto-merge June 24, 2025 21:45
@Joerger Joerger added this pull request to the merge queue Jun 24, 2025
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jun 24, 2025
@Joerger Joerger added this pull request to the merge queue Jun 24, 2025
Merged via the queue into master with commit 063f347 Jun 24, 2025
42 of 44 checks passed
@Joerger Joerger deleted the joerger/update-hwkey-testplan branch June 24, 2025 23:34
Labels

no-changelog Indicates that a PR does not require a changelog entry size/sm
