YubiKey 5Ci FIPS with GitHub on Windows

I'm using a YubiKey 5Ci FIPS (firmware 5.4.2) and have Git version 2.32.0.windows.1 installed on my Surface Book running Windows 10 (21H1). I want to be able to use the security key to authenticate with GitHub.

I've been able to create a new SSH key using:

ssh-keygen -t ed25519-sk -C <email address>

From here I copy the contents of id_ed25519_sk.pub to my GitHub account.

Everything up to here works fine. However, when it comes to doing a fetch or push, I'm unable to use the new key. Running ssh-add -l shows the correct account; however, I receive the following error:

sign_and_send_pubkey: signing failed for ED25519-SK "/c/Users/markp/.ssh/id_ed25519_sk" from agent: agent refused operation
[email protected]: Permission denied (publickey).
fatal: Could not read from remote repository.

Please make sure you have the correct access rights
and the repository exists.

There's nothing to prompt me to touch the YubiKey to verify the request. On GitHub, the new SSH key is reported as never being used.

I've seen various articles online, however I haven't been able to resolve the issue - can anyone help?

Edit: The output from env | grep SSH is:

SSH_AUTH_SOCK=/tmp/ssh-j70Yyd6E8tgs/agent.507
SSH_AGENT_PID=508
PATH=/c/Users/markp/bin:/usr/local/bin:/usr/bin:/bin:/opt/bin:/c/Program Files/WindowsApps/Microsoft.WindowsTerminal_1.7.1033.0_x64__8wekyb3d8bbwe:/c/Python39/Scripts:/c/Python39:/c/Program Files (x86)/Common Files/Oracle/Java/javapath:/c/WINDOWS/system32:/c/WINDOWS:/c/WINDOWS/System32/Wbem:/c/WINDOWS/System32/WindowsPowerShell/v1.0:/c/WINDOWS/System32/OpenSSH:/c/Program Files (x86)/Microsoft SQL Server/Client SDK/ODBC/130/Tools/Binn:/c/Program Files (x86)/Microsoft SQL Server/140/Tools/Binn:/c/Program Files (x86)/Microsoft SQL Server/140/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/140/Tools/Binn/ManagementStudio:/c/Program Files/Microsoft SQL Server/130/Tools/Binn:/c/Program Files/Microsoft/Web Platform Installer:/c/Program Files/dotnet:/c/Program Files (x86)/Microsoft SQL Server/110/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/120/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/130/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/150/DTS/Binn:/c/Program Files/Microsoft SQL Server/Client SDK/ODBC/170/Tools/Binn:/c/Program Files/nodejs:/c/ProgramData/chocolatey/bin:/c/Program Files/PowerShell/7:/c/Program Files/TortoiseGit/bin:/c/Program Files/Azure Data Studio/bin:/c/Program Files (x86)/dotnet:/c/Program Files/Git/cmd:/c/Users/markp/AppData/Local/Microsoft/WindowsApps:/c/ProgramData/markp/GitHubDesktop/bin:/c/Users/markp/.dotnet/tools:/c/Users/markp/AppData/Local/Microsoft/WindowsApps:/c/Users/markp/.dotnet/tools:/c/Users/markp/AppData/Roaming/npm:/c/Program Files (x86)/GitHub CLI:/c/Program Files/Azure Data Studio/bin:/usr/bin/vendor_perl:/usr/bin/core_perl
ORIGINAL_PATH=/c/Program Files/WindowsApps/Microsoft.WindowsTerminal_1.7.1033.0_x64__8wekyb3d8bbwe:/c/Python39/Scripts:/c/Python39:/c/Program Files (x86)/Common Files/Oracle/Java/javapath:/c/WINDOWS/system32:/c/WINDOWS:/c/WINDOWS/System32/Wbem:/c/WINDOWS/System32/WindowsPowerShell/v1.0:/c/WINDOWS/System32/OpenSSH:/c/Program Files (x86)/Microsoft SQL Server/Client SDK/ODBC/130/Tools/Binn:/c/Program Files (x86)/Microsoft SQL Server/140/Tools/Binn:/c/Program Files (x86)/Microsoft SQL Server/140/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/140/Tools/Binn/ManagementStudio:/c/Program Files/Microsoft SQL Server/130/Tools/Binn:/c/Program Files/Microsoft/Web Platform Installer:/c/Program Files/dotnet:/c/Program Files (x86)/Microsoft SQL Server/110/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/120/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/130/DTS/Binn:/c/Program Files (x86)/Microsoft SQL Server/150/DTS/Binn:/c/Program Files/Microsoft SQL Server/Client SDK/ODBC/170/Tools/Binn:/c/Program Files/nodejs:/c/ProgramData/chocolatey/bin:/c/Program Files/PowerShell/7:/c/Program Files/TortoiseGit/bin:/c/Program Files/Azure Data Studio/bin:/c/Program Files (x86)/dotnet:/c/Program Files/Git/cmd:/c/Users/markp/AppData/Local/Microsoft/WindowsApps:/c/ProgramData/markp/GitHubDesktop/bin:/c/Users/markp/.dotnet/tools:/c/Users/markp/AppData/Local/Microsoft/WindowsApps:/c/Users/markp/.dotnet/tools:/c/Users/markp/AppData/Roaming/npm:/c/Program Files (x86)/GitHub CLI:/c/Program Files/Azure Data Studio/bin
There is 1 solution below

I am not sure exactly what the Windows equivalent of this is; however, as someone who landed on this trying to solve the same problem but for macOS, I figured I would drop a reply in for future folks. The same theory probably applies to Windows.

For Linux/macOS the issue causing the agent failure is that the permissions on the folder and files are too permissive (why the error message couldn't just say that, who knows!). The fix is simple, from this answer on Ask Ubuntu:

chmod 700 ~/.ssh
chmod 600 ~/.ssh/*

Then using ssh-add works as expected and GitHub will happily interact with me again!
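
The permission fix from the answer above as a repeatable check, added here as an example and not part of the original answer: it lists every entry under an SSH directory that group or others can access, then tightens them while keeping subdirectories at 700 so they stay traversable (a plain chmod 600 on everything strips their execute bit). The function names audit_ssh_perms and fix_ssh_perms are hypothetical.

```shell
#!/bin/sh
# Added example: audit and tighten permissions under an SSH directory.
# audit_ssh_perms and fix_ssh_perms are hypothetical helper names.

# Print "<group/other bits> <path>" for the directory itself and each
# immediate child whose mode grants any access to group or others.
audit_ssh_perms() {
    dir=$1
    for entry in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || continue      # an unmatched glob stays literal
        [ -L "$entry" ] && continue      # symlink modes are not meaningful
        # ls -ld prints e.g. "-rw-r--r--"; characters 5-10 are the
        # group and other permission bits.
        bits=$(ls -ld -- "$entry" | cut -c5-10)
        [ "$bits" = "------" ] || printf '%s %s\n' "$bits" "$entry"
    done
}

# Apply the modes from the answer: 700 on the directory, 600 on files.
# Subdirectories get 700 instead of 600 so they remain usable.
fix_ssh_perms() {
    dir=$1
    chmod 700 "$dir"
    for entry in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$entry" ] || continue
        [ -L "$entry" ] && continue
        if [ -d "$entry" ]; then
            chmod 700 "$entry"
        else
            chmod 600 "$entry"
        fi
    done
}

# Usage (review the audit output before changing anything):
#   audit_ssh_perms "$HOME/.ssh"
#   fix_ssh_perms "$HOME/.ssh"
```

An empty result from audit_ssh_perms after the fix means nothing under the directory is readable by group or others.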