FIDO_ERR_USER_PRESENCE_REQUIRED error with U2F key

[michaelforney]

I was testing security-key support with the latest git version of openssh and libfido2, and ran into this error:

Confirm user presence for key ECDSA-SK SHA256:ojdFtKf/ion/Tmh+VNa3fon4WL7eAFf+p6zSIDDbsNE
debug1: sshsk_open: provider builtin implements version 0x00020000
find_device: found 1 device(s)
find_device: trying device 0: /dev/hidraw0
<tx and rx logs snipped>
u2f_authenticate_single: checking for key existence only
u2f_authenticate: u2f_authenticate_single
try_device: fido_dev_get_assert: FIDO_ERR_USER_PRESENCE_REQUIRED
sk_sign: couldn't find device for key handle
debug1: sshsk_sign: sk_sign failed with code -1
debug1: identity_sign: sshkey_sign: unexpected internal error
sign_and_send_pubkey: signing failed: unexpected internal error

My security key is an older YubiKey NEO, which only supports U2F, not FIDO2. It looks like this error is because try_device does fido_assert_set_up(assert, FIDO_OPT_FALSE), but u2f_authenticate_single returns an error (FIDO_ERR_USER_PRESENCE_REQUIRED) in that case.

[djm-google]

Discussion and patch here: https://marc.info/?l=openssh-unix-dev&m=157378493923344

[martelletto]

Patch committed in 1bb3bec; thanks for the report & fix!