FIDO fails when asked to confirm on ssh, but works fine for ssh-keygen #22

Open
w7rus opened this issue Jan 25, 2022 · 1 comment
w7rus commented Jan 25, 2022

For key generation I use the following:
SSH_SK_PROVIDER=libwindowsfidobridge.so ssh-keygen -t ecdsa-sk -Oapplication=ssh:windows-fido-bridge-verify-required

Then it asks me to confirm the key, with success.

Then I add the public key to the server, with verify-required before the key, and save the file.

And finally I try to connect to my server via ssh -oSecurityKeyProvider=libwindowsfidobridge.so *****@*.*.*.*
which results in this:

Confirm user presence for key ECDSA-SK SHA256:NkBUzghWtXZDS415hNnZlGu1aJIXFE1U0evIhsXej6U
[2022-01-25 23:37:11.057] [wfb-middleware] [debug] Parameters from OpenSSH:
[2022-01-25 23:37:11.057] [wfb-middleware] [debug]     Algorithm: 0
[2022-01-25 23:37:11.057] [wfb-middleware] [debug]     Data:
[2022-01-25 23:37:11.057] [wfb-middleware] [debug]       |        0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
[2022-01-25 23:37:11.057] [wfb-middleware] [debug]       | 0000: 00 00 00 20 5a 15 64 a4 8a 45 b0 0d 77 50 e0 d0  ... Z.d..E..wP..
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0010: 6a cc 7a ec fe ea a4 43 52 45 1a 5f bb e1 0d ac  j.z....CRE._....
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0020: 2f 29 d9 d5 32 00 00 00 05 61 64 6d 69 6e 00 00  /)..2....admin..
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0030: 00 0e 73 73 68 2d 63 6f 6e 6e 65 63 74 69 6f 6e  ..ssh-connection
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0040: 00 00 00 09 70 75 62 6c 69 63 6b 65 79 01 00 00  ....publickey...
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0050: 00 22 73 6b 2d 65 63 64 73 61 2d 73 68 61 32 2d  ."sk-ecdsa-sha2-
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0060: 6e 69 73 74 70 32 35 36 40 6f 70 65 6e 73 73 68  nistp256@openssh
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0070: 2e 63 6f 6d 00 00 00 a2 00 00 00 22 73 6b 2d 65  .com......."sk-e
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0080: 63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 32  cdsa-sha2-nistp2
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0090: 35 36 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00  56@openssh.com..
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 00a0: 00 08 6e 69 73 74 70 32 35 36 00 00 00 41 04 34  ..nistp256...A.4
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 00b0: 88 81 ea e6 1f 08 12 1b 78 6d 9e 9f 13 cd 66 a7  ........xm....f.
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 00c0: d2 6a a6 1f 12 c1 fc 30 2a 79 3b 6f d9 1e 0a 9e  .j.....0*y;o....
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 00d0: f1 c8 1e 7b 86 5e 4d 8f 3d de b0 ff 9d 0a a1 25  ...{.^M.=......%
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 00e0: 2a 63 1f 33 bc f4 5c 22 71 90 a9 bd 87 40 8b 00  *c.3..\"q....@..
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 00f0: 00 00 27 73 73 68 3a 77 69 6e 64 6f 77 73 2d 66  ..'ssh:windows-f
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0100: 69 64 6f 2d 62 72 69 64 67 65 2d 76 65 72 69 66  ido-bridge-verif
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0110: 79 2d 72 65 71 75 69 72 65 64                    y-required
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]     Application: "ssh:windows-fido-bridge-verify-required"
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]     Key handle:
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       |        0  1  2  3  4  5  6  7  8  9  a  b  c  d  e  f
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0000: ec 68 9d 51 79 ab 48 b1 16 72 21 1c f3 fc 09 6c  .h.Qy.H..r!....l
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0010: 19 86 68 aa 98 89 06 ad 9c ec e4 07 9b 5c 2e 1f  ..h..........\..
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0020: 75 8f d1 10 27 41 b1 d8 1b 99 17 b9 b3 b4 40 ff  u...'A........@.
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0030: 8a 82 3d ea 6f ad eb fd d2 cb 63 01 75 bb 90 c4  ..=.o.....c.u...
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]       | 0040: f9 87 e8 18 f4 00                                ......
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]     Flags: 0b00000001
[2022-01-25 23:37:11.058] [wfb-middleware] [debug]     PIN: (not present)
[2022-01-25 23:37:11.058] [wfb-middleware] [debug] Forcing user verification because the environment variable "WINDOWS_FIDO_BRIDGE_FORCE_USER_VERIFICATION" is set to any value
terminate called after throwing an instance of 'std::system_error'
  what():  Failed to get WebAuthN assertion (NotAllowedError): The operation was canceled by the user.
terminate called after throwing an instance of 'std::runtime_error'
  what():  End of stream
client_converse: receive: unexpected internal error
reap_helper: helper exited abnormally
sign_and_send_pubkey: signing failed for ECDSA-SK "/home/w7rus/.ssh/id_ecdsa_sk": unexpected internal error

I use OnlyKey as a FIDO key; running debug multiple times shows no difference in the output.
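To make the "Data:" dump above readable, here is an added Python example; it is not part of this issue and not code from windows-fido-bridge or OpenSSH. It re-parses the logged blob using the SSH wire format (uint32-length-prefixed strings, as in RFC 4251), which shows exactly what the security key is asked to sign: an SSH_MSG_USERAUTH_REQUEST bound to the session identifier, carrying the user, service, method and the full sk public key including its application string. It also decodes the provider "Flags" byte with the bit values from OpenSSH's sk-api.h and recomputes the SHA256 fingerprint of the embedded public key; if the hex is transcribed exactly, that fingerprint is the one printed on the "Confirm user presence" line. Only the hex dump is taken from the log; the function and field names are my own.

```python
import base64
import hashlib
import struct

# The "Data:" hex dump from the wfb-middleware log above (offset and ASCII
# columns stripped). This is the byte string OpenSSH passes to the security
# key provider for signing during publickey authentication.
SIGNED_DATA_HEX = """
00 00 00 20 5a 15 64 a4 8a 45 b0 0d 77 50 e0 d0 6a cc 7a ec fe ea a4 43 52 45 1a 5f bb e1 0d ac
2f 29 d9 d5 32 00 00 00 05 61 64 6d 69 6e 00 00 00 0e 73 73 68 2d 63 6f 6e 6e 65 63 74 69 6f 6e
00 00 00 09 70 75 62 6c 69 63 6b 65 79 01 00 00 00 22 73 6b 2d 65 63 64 73 61 2d 73 68 61 32 2d
6e 69 73 74 70 32 35 36 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00 00 a2 00 00 00 22 73 6b 2d 65
63 64 73 61 2d 73 68 61 32 2d 6e 69 73 74 70 32 35 36 40 6f 70 65 6e 73 73 68 2e 63 6f 6d 00 00
00 08 6e 69 73 74 70 32 35 36 00 00 00 41 04 34 88 81 ea e6 1f 08 12 1b 78 6d 9e 9f 13 cd 66 a7
d2 6a a6 1f 12 c1 fc 30 2a 79 3b 6f d9 1e 0a 9e f1 c8 1e 7b 86 5e 4d 8f 3d de b0 ff 9d 0a a1 25
2a 63 1f 33 bc f4 5c 22 71 90 a9 bd 87 40 8b 00 00 00 27 73 73 68 3a 77 69 6e 64 6f 77 73 2d 66
69 64 6f 2d 62 72 69 64 67 65 2d 76 65 72 69 66 79 2d 72 65 71 75 69 72 65 64
"""
SIGNED_DATA = bytes.fromhex(SIGNED_DATA_HEX)

SSH_MSG_USERAUTH_REQUEST = 50  # the 0x32 byte that follows the session id

# Request flag bits as defined in OpenSSH's sk-api.h.
SK_FLAG_BITS = {
    0x01: "user_presence_required",
    0x04: "user_verification_required",
    0x10: "force_operation",
    0x20: "resident_key",
}


class SshReader:
    """Minimal reader for SSH wire types: byte, uint32, string."""

    def __init__(self, data: bytes):
        self.data, self.pos = data, 0

    def take(self, n: int) -> bytes:
        if self.pos + n > len(self.data):
            raise ValueError("truncated SSH blob")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def byte(self) -> int:
        return self.take(1)[0]

    def uint32(self) -> int:
        return struct.unpack(">I", self.take(4))[0]

    def string(self) -> bytes:
        return self.take(self.uint32())

    def done(self) -> bool:
        return self.pos == len(self.data)


def parse_sk_pubkey(blob: bytes) -> dict:
    """Parse an sk-ecdsa-sha2-nistp256@openssh.com public key blob."""
    r = SshReader(blob)
    key = {
        "type": r.string().decode(),
        "curve": r.string().decode(),
        "point": r.string(),  # uncompressed EC point: 0x04 || X || Y
        "application": r.string().decode(),  # the -O application= value
    }
    if not r.done():
        raise ValueError("trailing bytes after sk public key")
    return key


def parse_userauth_request(data: bytes) -> dict:
    """Parse the bytes signed for a publickey SSH_MSG_USERAUTH_REQUEST."""
    r = SshReader(data)
    req = {"session_id": r.string()}  # binds the signature to this session
    if r.byte() != SSH_MSG_USERAUTH_REQUEST:
        raise ValueError("not an SSH_MSG_USERAUTH_REQUEST")
    req["user"] = r.string().decode()
    req["service"] = r.string().decode()
    req["method"] = r.string().decode()
    req["has_signature"] = r.byte() == 1
    req["algorithm"] = r.string().decode()
    req["pubkey_blob"] = r.string()
    req["pubkey"] = parse_sk_pubkey(req["pubkey_blob"])
    if not r.done():
        raise ValueError("trailing bytes after userauth request")
    return req


def decode_sk_flags(flags: int) -> dict:
    """Map the provider Flags byte to sk-api bit names."""
    return {name: bool(flags & bit) for bit, name in SK_FLAG_BITS.items()}


def openssh_fingerprint(pubkey_blob: bytes) -> str:
    """SHA256 fingerprint as ssh prints it: unpadded base64 of the digest."""
    digest = hashlib.sha256(pubkey_blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


if __name__ == "__main__":
    req = parse_userauth_request(SIGNED_DATA)
    print(req["user"], req["service"], req["method"], req["algorithm"])
    print("application:", req["pubkey"]["application"])
    print("fingerprint:", openssh_fingerprint(req["pubkey_blob"]))
    print("flags 0b00000001:", decode_sk_flags(0b00000001))
```

Two things this makes visible. First, the signed data already names the application "ssh:windows-fido-bridge-verify-required", so the key the server sees is the one generated with that option. Second, the logged Flags byte 0b00000001 has only the user-presence bit set; the user-verification bit (0x04) is what sshd checks for when a line in authorized_keys carries the verify-required option, and a signature whose authenticator flags lack it is rejected server-side.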


japtain-cack commented May 11, 2023

I got it working using the command in this alias I made.
alias ssho="ssh -oIdentitiesOnly=yes -oSecurityKeyProvider=/usr/local/lib/libwindowsfidobridge.so -i ~/.ssh/onlykey"

You want it to use a specific key, and disregard what's loaded in the agent already. IdentitiesOnly=yes does this. I also have to specify the full path to the libwindowsfidobridge.so, presumably because it's not in my path, but that's fine.

Also, this was good advice. It increased the speed of the Windows Hello popup. Now it's instant.
