[FEAT] - Support for ecdsa-sk and ed25519-sk

[crabhi]

Is this feature for paramiko acting as a client or a server?

Client

What functionality does this feature request relate to?

Keys/auth

For client-side features, does this relate to a specific type of SSH server?

OpenSSH

If you're using paramiko as part of another tool, which tool/version?

Fabric, Ansible

Desired behavior

Openssh v.8.2 added support for FIDO/U2F tokens introducing sk-ssh-ed25519@openssh.com and sk-ssh-ecdsa@openssh.com. See: https://www.openssh.com/txt/release-8.2

When such a key is present in the SSH agent, the client connection fails with (traceback from Ansible, but Fabric fails similarly)

Traceback (most recent call last):
  File "/home/krab/.virtualenvs/ansible/lib/python3.10/site-packages/paramiko/transport.py", line 2185, in run
    handler(m)
  File "/home/krab/.virtualenvs/ansible/lib/python3.10/site-packages/paramiko/auth_handler.py", line 394, in _parse_service_accept
    key_type, bits = self._get_key_type_and_bits(self.private_key)
  File "/home/krab/.virtualenvs/ansible/lib/python3.10/site-packages/paramiko/auth_handler.py", line 218, in _get_key_type_and_bits
    if key.public_blob:
  File "/home/krab/.virtualenvs/ansible/lib/python3.10/site-packages/paramiko/agent.py", line 476, in __getattr__
    raise AttributeError(name)
AttributeError: public_blob

It would be nice if this type of keys would be supported and Paramiko could be used instead of the OpenSSH client.

Anything else?

No response

[jakubman1]

Hi,
is there any progress on this issue?
Thanks.