| 4 Dec 2023 |
Lily Foster | * ssh-sk-helper in the darwin openssh package from nixpkgs has /nix/store/czcpqds7n8211xjbb1v6sdh8qizpmq6g-libfido2-1.13.0/lib/libfido2.1.dylib as LC_LOAD_DYLIB on the mach-o | 15:17:27 |
Ilan Joselevich (Kranzes) | couldn't find libsk-libfido2 | 15:17:31 |
Lily Foster | but what even is that. our openssh on linux doesn't have that either, so is it something darwin specific?? | 15:17:54 |
Ilan Joselevich (Kranzes) | https://github.com/Yubico/libfido2/pull/65 | 15:18:14 |
Lily Foster | either way, our openssh is built with the flag that is supposed to enable that support and the helper is successfully built. so i really don't see why it wouldn't work with it | 15:18:18 |
Ilan Joselevich (Kranzes) | idk what to do anymore 😠 | 15:19:26 |
Ilan Joselevich (Kranzes) | so many different issues saying different things | 15:19:37 |
Lily Foster | that was removed in https://github.com/Yubico/libfido2/commit/2ba6c6afe5f2d1717bf366da043ccb515fbed8de | 15:19:48 |
Lily Foster | so ssh-sk-helper is the equivalent to that lib now | 15:20:08 |
Lily Foster | and is what we build | 15:20:10 |
Lily Foster | we just don't have a way currently to use nixpkgs openssh's sshd instead of macOS's | 15:20:28 |
Ilan Joselevich (Kranzes) | can we just use SK_PROVIDER thing for now? | 15:21:41 |
Ilan Joselevich (Kranzes) | to test it out | 15:21:43 |
Lily Foster | what, with apple's openssh? | 15:21:54 |
Ilan Joselevich (Kranzes) | yeah | 15:22:07 |
Ilan Joselevich (Kranzes) | I don't think I can't do that from my Linux system | 15:24:32 |
Ilan Joselevich (Kranzes) | and not even sure if it works on Ventura | 15:24:43 |
Lily Foster | that might work? it looks like you can set SSH_SK_PROVIDER in the env even if it was not compiled with support and have it dlopen the provider | 15:27:05 |
Ilan Joselevich (Kranzes) | In reply to @lily:lily.flowers
lily@darwin03> sw_vers
ProductName: macOS
ProductVersion: 13.6.1
BuildVersion: 22G313
someone says it's fixed in macOS 13.2 RC (22D49) | 15:27:05 |
Lily Foster | if it's a recent enough openssh version | 15:27:14 |
Ilan Joselevich (Kranzes) | In reply to @kranzes:matrix.org someone says it's fixed in macOS 13.2 RC (22D49) clearly not then, because we're on 13.6 | 15:27:26 |
Lily Foster | idk if dlopen'ing the nixpkgs provider might work, but i suppose we could try it | 15:27:31 |
Ilan Joselevich (Kranzes) | Is there anything I can do to help with this from a Linux system? | 15:27:54 |
Lily Foster | not sure. it looks like sk-usbhid.c is the file that would need to be built as a standalone shared lib (with ENABLE_SK_INTERNAL defined and SK_STANDALONE defined), but the openssh build system doesn't seem to support that? | 15:38:25 |
Ilan Joselevich (Kranzes) | Maybe I should just generate a key just for this? | 15:47:12 |
Ilan Joselevich (Kranzes) | I'm wondering if some tpm2 protected key will work | 15:47:34 |
Ilan Joselevich (Kranzes) | Does MacOS support pkcs11 ssh stuff? | 15:48:39 |
Lily Foster | probably? | 15:48:59 |
Ilan Joselevich (Kranzes) | Honestly at this point I don't assume MacOS supports anything | 15:55:35 |
| 5 Dec 2023 |