I am trying to set up SSH access using a hardware-backed security key, i.e. my private key is an ed25519-sk key requiring FIDO2 interaction with my YubiKey 5 series.
I am looking for a way to get an SSH agent working automatically that can be used by GUI apps, including GitKraken, and that will work with an ed25519-sk key. I believe the fundamental issue is that the ssh-agent hits an error while trying to interact with the FIDO2 device because it needs user interaction, and without an "ask pass" available, it can't interact with the user.
There are a lot of blogs and instructions which either point to setting environment variables on the inbuilt ssh-agent, or disabling it entirely and replacing it with OpenSSH.
Apparently this whole technique no longer works (certainly not in macOS 15.3) because recent security hardening has made it impossible to modify or disable the inbuilt ssh-agent.
Polite hint: If you know how to change the inbuilt agent's behaviour, please test before answering, as recent security hardening may have changed the OS behaviour. Lots of articles on Google will be incorrect because of this.
What I can do is install ssh-askpass via brew, install openssh with brew, and then in a shell set up an openssh ssh-agent configured to use ssh-askpass.
But this is only good for that shell. Other tools, including GitKraken, can't find the ssh-agent, and I can't find a way to point GUI tools at the ssh-agent started in the shell.
Certainly I'm looking for an automatic solution, not one where I have to work through a litany of commands every session.
This is actually a very basic question for a narrow domain. Almost anyone using a FIDO2 device for SSH on macOS is likely to have hit this problem.
However, the signal/noise ratio on Google is currently very poor in this domain due to the vast majority of blogs, how-to guides, etc. using a technique that no longer works as of a few months ago.
I'm not looking for someone to google this for me; I'm hoping someone with specific domain knowledge of the topic may already have an answer.
So in short I'm simply looking for a way to get ssh-agent (inbuilt) to use an ask-pass program when it needs interaction from the user.
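
Added example, not part of the original post: a read-only shell diagnostic for the symptom described above, where an agent started in one shell is not the agent GUI apps talk to. It assumes the launchd-provided agent socket matches `com.apple.launchd.*/Listeners` and that `launchctl getenv SSH_AUTH_SOCK` reports the value GUI apps inherit; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Diagnostic only: changes nothing.

# Classify an SSH_AUTH_SOCK value.
# Assumption: the launchd-managed (inbuilt) macOS agent listens on a socket
# under .../com.apple.launchd.<id>/Listeners; any other path belongs to an
# agent started by hand, e.g. a Homebrew ssh-agent launched from a shell.
classify_sock() {
  case "$1" in
    "") echo none ;;
    */com.apple.launchd.*/Listeners) echo builtin ;;
    *) echo custom ;;
  esac
}

# Compare the socket this shell uses ($1) with the one the GUI session
# hands to apps such as GitKraken ($2). Prints one summary line.
compare_agents() {
  shared=no
  if [ -n "$1" ] && [ "$1" = "$2" ]; then
    shared=yes
  fi
  echo "shell=$(classify_sock "$1") gui=$(classify_sock "$2") shared=$shared"
}

# Live report: reads this shell's environment and, on macOS, the launchd
# user-session environment. Falls back to an empty GUI value elsewhere.
report() {
  gui_sock=""
  if command -v launchctl >/dev/null 2>&1; then
    gui_sock=$(launchctl getenv SSH_AUTH_SOCK 2>/dev/null || true)
  fi
  compare_agents "${SSH_AUTH_SOCK:-}" "$gui_sock"
  # The agent can only prompt if an askpass helper was in ITS environment
  # when it started; this shows what a newly started agent would inherit.
  echo "askpass=${SSH_ASKPASS:-unset}"
}
```

Source the file and run `report` in the shell where the Homebrew agent was started; `shell=custom gui=builtin shared=no` is the state the post describes.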