Follow-up from Reddit thread.`
2 views
Skip to first unread message
Dan Linder
Jun 22, 2026, 5:23:02 PM (yesterday) Jun 22
to conduit-closed-test
I opened this thread in Reddit:
I was getting the error - following the same copy-and-paste steps a few times to ensure I was reporting something actionable.
And as luck would have it, while re-running all my steps (for about the 10th time), it worked - and I don't know what I was doing differently.
TL;DR: For future me (or others like me), here's exactly what I did DOES work:
And as luck would have it, while re-running all my steps (for about the 10th time), it worked - and I don't know what I was doing differently.
TL;DR: For future me (or others like me), here's exactly what I did DOES work:
```
$ cat /etc/fedora-release
Fedora release 44 (Forty Four)
$ cat /etc/fedora-release
Fedora release 44 (Forty Four)
$ rpm -qf $(which ssh-keygen)
openssh-10.2p1-10.fc44.x86_64
openssh-10.2p1-10.fc44.x86_64
$ ykman info | sed -e 's/Serial number: .*/Serial number: [redacted]/g'
Device type: YubiKey 5C NFC
Serial number: [redacted]
Firmware version: 5.7.4
Form factor: Keychain (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled
Applications USB NFC
Yubico OTP Enabled Enabled
FIDO U2F Enabled Enabled
FIDO2 Enabled Enabled
OATH Enabled Enabled
PIV Enabled Enabled
OpenPGP Enabled Enabled
YubiHSM Auth Enabled Enabled
Device type: YubiKey 5C NFC
Serial number: [redacted]
Firmware version: 5.7.4
Form factor: Keychain (USB-C)
Enabled USB interfaces: OTP, FIDO, CCID
NFC transport is enabled
Applications USB NFC
Yubico OTP Enabled Enabled
FIDO U2F Enabled Enabled
FIDO2 Enabled Enabled
OATH Enabled Enabled
PIV Enabled Enabled
OpenPGP Enabled Enabled
YubiHSM Auth Enabled Enabled
$ rm -f /tmp/trash_key*
$ ssh-keygen -t ed25519-sk -O resident -O verify-required -C "Testing USB-C/NFC" -f /tmp/trash_key
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
You may need to touch your authenticator again to authorize key generation.
A resident key scoped to 'ssh:' with user id 'null' already exists.
Overwrite key in token (y/n)? y
You may need to touch your authenticator again to authorize key generation.
Enter passphrase for "/tmp/trash_key" (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/trash_key
Your public key has been saved in /tmp/trash_key.pub
The key fingerprint is:
SHA256:7ZzWG5tXFvFsc9csu79VTfqTAl3ukJP5uIJuZ91T+YM Testing USB-C/NFC
The key's randomart image is:
+[ED25519-SK 256]-+
| |
| . |
| +=|
| . . B=X|
| S .. B.=O|
| o o. Bo*|
| * +ooO=|
| + + E=++|
| o.o =o o=|
+----[SHA256]-----+
Generating public/private ed25519-sk key pair.
You may need to touch your authenticator to authorize key generation.
Enter PIN for authenticator:
You may need to touch your authenticator again to authorize key generation.
A resident key scoped to 'ssh:' with user id 'null' already exists.
Overwrite key in token (y/n)? y
You may need to touch your authenticator again to authorize key generation.
Enter passphrase for "/tmp/trash_key" (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /tmp/trash_key
Your public key has been saved in /tmp/trash_key.pub
The key fingerprint is:
SHA256:7ZzWG5tXFvFsc9csu79VTfqTAl3ukJP5uIJuZ91T+YM Testing USB-C/NFC
The key's randomart image is:
+[ED25519-SK 256]-+
| |
| . |
| +=|
| . . B=X|
| S .. B.=O|
| o o. Bo*|
| * +ooO=|
| + + E=++|
| o.o =o o=|
+----[SHA256]-----+
$ more /tmp/trash_key* | cat
::::::::::::::
/tmp/trash_key
::::::::::::::
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACA5RugmnUG8HTJe0SobQcNRgfJq5EzGBwdLSC9/
n75QuQAAAARzc2g6AAAAoJzNTHiczUx4AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
9tAAAAIDlG6CadQbwdMl7RKhtBw1GB8mrkTMYHB0tIL3+fvlC5AAAABHNzaDo1AAAAMDlG
6CadQbwdMl7RKhuBzTsJpdEtCNiTNPHJz9lSB3FioVy+t1y41NvG0B5ozG0cCgAAAAAAAA
ARVGVzdGluZyBVU0ItQy9ORkM=
-----END OPENSSH PRIVATE KEY-----
::::::::::::::
/tmp/trash_key.pub
::::::::::::::
sk-ssh-...@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDlG6CadQbwdMl7RKhtBw1GB8mrkTMYHB0tIL3+fvlC5AAAABHNzaDo= Testing USB-C/NFC
$
::::::::::::::
/tmp/trash_key
::::::::::::::
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAASgAAABpzay1zc2
gtZWQyNTUxOUBvcGVuc3NoLmNvbQAAACA5RugmnUG8HTJe0SobQcNRgfJq5EzGBwdLSC9/
n75QuQAAAARzc2g6AAAAoJzNTHiczUx4AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY2
9tAAAAIDlG6CadQbwdMl7RKhtBw1GB8mrkTMYHB0tIL3+fvlC5AAAABHNzaDo1AAAAMDlG
6CadQbwdMl7RKhuBzTsJpdEtCNiTNPHJz9lSB3FioVy+t1y41NvG0B5ozG0cCgAAAAAAAA
ARVGVzdGluZyBVU0ItQy9ORkM=
-----END OPENSSH PRIVATE KEY-----
::::::::::::::
/tmp/trash_key.pub
::::::::::::::
sk-ssh-...@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDlG6CadQbwdMl7RKhtBw1GB8mrkTMYHB0tIL3+fvlC5AAAABHNzaDo= Testing USB-C/NFC
$
```
I then copied the contents of the `/tmp/trash_key` file into the "OpenSSH hardware key stub" box in Conduit. For a while I got the "Paste a valid OpenSSH *_sk key stub." error message when pasting into the box, but now it's ok.
It must have been some extra paste 'garbage' but I cannot recreate it now.
It must have been some extra paste 'garbage' but I cannot recreate it now.
Reply all
Reply to author
Forward
0 new messages