FreeBSD 13 and YubiKey Bio for SSH

Hello,

I'm struggling to configure my FreeBSD 13 to use the SSH resident key stored on a YubiKey Bio.

I can't find any good procedure to get it to work. I've installed the pcsc daemon, but I can't load the SSH identity in the ssh-agent.
I've also installed and tried yubikey-agent, which doesn't detect the YubiKey Bio.
Does anyone have a procedure or a minimal list of what to install/do?

Thanks
 
To give more info, when I run ssh-add -K I get:

Code:
Enter PIN for authenticator:
Provider "internal" returned failure -1
Unable to load resident keys: invalid format

and
Code:
ykman piv info
Error: Command 'piv' requires one of the following USB interfaces to be enabled: 'CCID'.

Use 'ykman config usb' to set the enabled USB interfaces.

and

Code:
ykman config usb -e PIV
PIV not supported over USB on this YubiKey

fido2-token -L returns only if launched as root or with sudo
 
I got it working! Here is the summary for the community:

Code:
# need to install:
sudo pkg install libfido2-1.11.0 u2f-devd
# make sure the user can access the yubikey, not only root:
# add your user to the u2f group (see the permissions of the /dev/uhid0 device)
sudo pw group mod u2f -m {userNameHere}

# should list your yubikey(s):
fido2-token -L

# ssh security-key generation
/usr/local/bin/ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519-sk -O resident -v
# load the identity in the agent
ssh-add .ssh/id_ed25519-sk
Identity added: .ssh/id_ed25519-sk (mick@Freebi)

enjoy
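
A preflight check for the non-root setup summarised in the post above, as an added example that is not part of the original thread. It assumes the u2f group and /dev/uhid* device nodes named in the post; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: verify that a non-root user can reach the FIDO device.
# Assumptions: group "u2f" and /dev/uhid* nodes, as named in the post.

# has_group GROUP NAME... -> 0 if GROUP appears among the listed names
has_group() {
    want=$1; shift
    for g in "$@"; do
        [ "$g" = "$want" ] && return 0
    done
    return 1
}

# dev_usable PATH -> 0 if this process can both read and write PATH
dev_usable() {
    [ -e "$1" ] && [ -r "$1" ] && [ -w "$1" ]
}

# preflight USER -> one line per check; returns the number of failed checks
preflight() {
    user=$1; fails=0; found=0
    # Word splitting of the id output is intentional here.
    if has_group u2f $(id -Gn "$user" 2>/dev/null); then
        echo "ok   $user is listed in group u2f"
    else
        echo "FAIL $user is not in group u2f (pw group mod u2f -m $user)"
        fails=$((fails + 1))
    fi
    for dev in /dev/uhid*; do
        [ -e "$dev" ] || continue
        found=1
        if dev_usable "$dev"; then
            echo "ok   $dev is readable and writable"
        else
            echo "FAIL $dev not accessible: $(ls -l "$dev")"
            fails=$((fails + 1))
        fi
    done
    [ "$found" -eq 1 ] || { echo "FAIL no /dev/uhid* node present"; fails=$((fails + 1)); }
    if command -v fido2-token >/dev/null 2>&1; then
        echo "fido2-token -L as $(id -un):"; fido2-token -L
    else
        echo "FAIL fido2-token not found (pkg install libfido2)"
        fails=$((fails + 1))
    fi
    return "$fails"
}

# Run the checks automatically only on FreeBSD; elsewhere only define them.
if [ "$(uname -s)" = "FreeBSD" ]; then
    preflight "$(id -un)" || echo "$? check(s) failed"
fi
```

The group check reads the group database while the device check uses the running session's credentials, so a user who is listed in u2f but still fails on the device node has usually not logged in again since being added.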
 