Can't import ed25519 key with FIDO2 (YubiKey)

wachcio · June 30, 2024, 9:05pm

Hello
I am using Debian 12. My Mikrotik devices are AX2 and CRS326 with RouterOS version 7.15.1 I recently purchased YubiKey. I generated an asymmetric key ed25519 with FIDO2 support:

ssh-keygen -f ~/.ssh/mikrotikAX2Yubi -t ed25519-sk -b 521

I copied it to the router and tried to import it in system>users>SSH Keys. Unfortunately, the import failed without displaying an error. You need to reset the router to be able to change anything in the SSH settings. After restarting, the ed25519 key is added without any problems, but without FIDO2 support. The problem occurs on both of my devices. Is this a known bug?

Johann1525 · December 6, 2024, 9:59am

Hi,

i’m running 7.16.2 on a CCR2004-1G-12S+2XS and i get an error when i try to import a ed25519-sk key. Unfortunately i assume they just have not implemented it (yet).

I’d love to see this functionality.

infabo · December 6, 2024, 11:24pm

It is not a bug. ed25519-sk is just not supported. Only recently the have added ed25519 support.

MichaelHallager · January 5, 2026, 12:25pm

Coming in 7.21

*) ssh - added support for ED25519-SK keys;

infabo · January 5, 2026, 1:11pm

And it works. Tested on 7.21rc4.