Yubikey not working in WASM client

[Adriano Di Luzio]

Hi there! 

I am trying to use a Yubikey through the Smart Card Connector App (as described here: https://chromium.googlesource.com/apps/libapps/+/HEAD/nassh/docs/hardware-keys.md) to SSH into hosts.

I noticed the following:

1. If I only add `--ssh-agent=gsc` to the relay options, it automatically loads the WASM program. It prompts me (the first time only) for access to the Smart Card Connector App, and then fails with the following error:

"Program exited with status code [object Object]".

The console shows the following:

terminating process due to runtime error: Error while handling syscall: TypeError: onSuccess is not a function
TypeError: onSuccess is not a function
    at SshAgentStream.asyncWrite (chrome-extension://iodihamcpbpeioajjeobimgagajmlibd/js/nassh_stream_sshagent.js:105:3)
    at UnixSocket.write (chrome-extension://iodihamcpbpeioajjeobimgagajmlibd/wassh/js/sockets.js:1523:26)
    at RemoteReceiverWasiPreview1.handle_fd_write (chrome-extension://iodihamcpbpeioajjeobimgagajmlibd/wassh/js/syscall_handler.js:299:15)
    at Background.onMessage_syscall (chrome-extension://iodihamcpbpeioajjeobimgagajmlibd/wasi-js-bindings/js/process.js:293:40)
    at Background.onMessage (chrome-extension://iodihamcpbpeioajjeobimgagajmlibd/wasi-js-bindings/js/process.js:276:28)

2. Previously, I was able to workaround the issue by setting `--ssh-client-version=pnacl` and forcing the previous client. I have recently switched to an ARM-based Chromebook and the workaround has stopped working, since the client hangs on "Loading pnacl program...".

I have tried both within Secure Shell and within the Terminal app. As far as I can tell, with no difference.

What options do I have here?

Thank you!

Best,

A

[Adriano Di Luzio]

Following up on this, I was able to hack together a few overrides that solved one JS error after the other:

1. For `onSuccess is not a function` I simply redirected it to `console.log` since it is just returning the number of bytes written. Not the most robust solution, but it allowed me to proceed.

2. Then I had to add a wait before the backend would list identities (otherwise, it would sometimes run into a race condition and not be able to enumerate to identities on the "card").

I could then verify that the agent is able to read and return to the caller the identities (with the overrides applied). 

What I cannot figure out now is why the caller (the WASM SSH client?) is not taking those identities into consideration: from the logs I can see it trying with the default ChromeOS identities, instead of those on the Yubikey.

Best,

A

[Adriano Di Luzio]

Thank Eric,

I have just tried it through overrides in the Terminal app and it is working for me as well. 

Is there any chance the pending code change could be merged? 

If not, what would be the next best thing? Re-package my own Secure Shell extension with the patch and use that instead of the terminal?

Best,

A 

On Sun, Jul 27, 2025 at 2:50 AM Eric Severance <es...@esev.com> wrote:

This might be related to https://issuetracker.google.com/issues/390673981

The pending code change, that has since been abandoned, is what is working for me.

--
You received this message because you are subscribed to the Google Groups "chromium-hterm" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-hter...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-hterm/9ee0df77-e4ea-4597-8957-1285a730b7dbn%40chromium.org.

[Eric Severance]

This might be related to https://issuetracker.google.com/issues/390673981

The pending code change, that has since been abandoned, is what is working for me.

On Sat, Jul 26, 2025 at 6:33 PM Adriano Di Luzio <adrian...@gmail.com> wrote:

--