I have an ecdsa-sk keypair that I generated and added to my GitHub account (tied to a YubiKey). If I try any connection using that key, such as git push, I get:

sign_and_send_pubkey: signing failed for ECDSA-SK "[...]/.ssh/id_ecdsa_sk" from agent: agent refused operation

No combination of ssh-add commands I've tried works (deleting the key, re-adding it, etc.). ssh-add -l will show the key as present, but I still get the above error.

The only thing that works is to kill the ssh-agent and then immediately run:

ssh-add -K <ecdsa keyfile>

If I do that, then git push will work--once. If I do anything else with the agent first (add other keys, etc.), then git push will fail (giving the above error), and if I immediately run git push a second time it will fail (and continually after that until I kill ssh-agent again).

I'm unfortunately on Mac (Monterey, M1 chip). I only have this problem with the ecdsa-sk key. My regular rsa keys work fine. Am I missing anything or doing something wrong? I know ecdsa-sk support is relatively new; could this be a bug?

1 Answer

Use Homebrew's OpenSSH

$ brew install openssh

Once installed, you have to override the one in your PATH by putting the OpenSSH folder at the beginning of your PATH in your RC file, like this:

$ export PATH=$(brew --prefix openssh)/bin:$PATH

Once you've done that and you've sourced your rc file, you should be able to generate your key.

Tested on macOS Monterey and OpenSSH_9.0p1, OpenSSL 1.1.1q 5 Jul 2022
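
A way to confirm that the PATH override described in the answer took effect for every OpenSSH tool and not only for ssh (added example, not part of the original answer; the function names are hypothetical). It assumes the goal is that ssh, ssh-add, ssh-agent and ssh-keygen all resolve from the same bin directory.

```shell
#!/bin/sh
# Added example (function names are hypothetical, not from the answer).

# Print the first executable named $1 found in the colon-separated path $2.
resolve_in_path() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || dir=.          # empty PATH entry means current dir
        if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# check_openssh_path <expected_bin_dir> [path_string]
# Returns the number of OpenSSH tools that do not resolve under expected_bin_dir.
check_openssh_path() {
    expected=${1%/}
    search_path=${2:-$PATH}
    mismatches=0
    for tool in ssh ssh-add ssh-agent ssh-keygen; do
        if resolved=$(resolve_in_path "$tool" "$search_path"); then
            case $resolved in
                "$expected"/*) echo "ok       $tool -> $resolved" ;;
                *) echo "MISMATCH $tool -> $resolved"
                   mismatches=$((mismatches + 1)) ;;
            esac
        else
            echo "MISSING  $tool"
            mismatches=$((mismatches + 1))
        fi
    done
    return "$mismatches"
}
```

Run it in a new shell as check_openssh_path "$(brew --prefix openssh)/bin". An ssh-agent process that was started before the PATH change is still the old binary until it is restarted.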
