ssh-keygen -vvvv -t ecdsa-sk -O resident
Generating public/private ecdsa-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
debug3: start_helper: started pid=16581
debug3: ssh_msg_send: type 5
debug3: ssh_msg_recv entering
debug1: start_helper: starting /usr/lib/openssh/ssh-sk-helper
debug1: sshsk_enroll: provider "internal", device "(null)", application "ssh:", userid "(null)", flags 0x21, challenge len 0 with-pin
debug1: sshsk_enroll: using random challenge
debug1: sk_probe: 1 device(s) detected
debug1: sk_probe: selecting sk by touch
debug1: ssh_sk_enroll: using device /dev/hidraw2
debug1: ssh_sk_enroll: fido_dev_make_cred: FIDO_ERR_PIN_AUTH_BLOCKED
debug1: sshsk_enroll: provider "internal" returned failure -1
debug1: ssh-sk-helper: Enrollment failed: invalid format
debug1: ssh-sk-helper: reply len 8
debug3: ssh_msg_send: type 5
debug1: client_converse: helper returned error -4
debug3: reap_helper: pid=16581
Key enrollment failed: invalid format
No one had this error on Google, or at least there are no solutions for that.
What is happening? My yubikey is plugged and I tried to touch it or put the PIN
I got the same error message. Reason was that my yubikey did not have a PIN set. After setting a PIN for the yubikey with
ykman fido access change-pinI could create residential ssh keys.