Thanks to an instructive article in a recent c’t Tipps zur Optimierung Ihres SSH-Workflows (paywall) I’m playing with my FK3, ssh-keygen and Chrome.
I ran into a problem with the proposed ssh-keygen commandline:
ssh-keygen -t ed25519-sk -f /home/user/.ssh/fido2-cttest.ed25519-sk \
-O resident -O verify-required
I can see the generated key in chrome://settings/securityKeys. But when I run
ssh-keygen -t ed25519-sk -f /home/user/.ssh/fido2-cttest.ed25519-sk \
-O resident -O verify-required
to generate a second key, there is still only one key visible in Chrome:
I found no argument to ssh-keygen that could change any of the three fields.
Is this a deficiency of Chrome or a feature missing from ssh-keygen? Or am I just not able to find the right knob?