bugzilla-daemon at mindrot.org
2020-Jun-07 20:11 UTC
[Bug 3178] New: When authenticating with a -sk key, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178
Bug ID: 3178
Summary: When authenticating with a -sk key, no 'touch security
key' prompt displayed
Product: Portable OpenSSH
Version: 8.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: kanepyork at gmail.com
Created attachment 3408
--> https://bugzilla.mindrot.org/attachment.cgi?id=3408&action=edit
Annotated log of ssh -v demonstrating the issue
When using a security key login that requires touch, no message is
printed by the client or server while waiting for the touch. On
security keys that support it, the light begins flashing, but this may
be hard to notice.
Excerpt from the attached session log:
debug1: Offering public key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK
SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit
authenticator agent
debug1: Server accepts key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK
SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit
authenticator agent
[[ Exchange hangs until sk touch ]]
Authenticated with partial success.
Some component - either the ssh client binary, or the agent - should
print a message along the lines of "Please touch your security key."
immediately before requesting a signature from a touch-required
security key. It may be awkward for the agent to determine the correct
terminal to print to, so I suggest the client relying on the
touch-required flag.
Issue found on Ubuntu 20.04.0
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jun-07 20:31 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178
Kane <kanepyork at gmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Summary|When authenticating with a |When authenticating with a
|-sk key, no 'touch security |-sk key via agent, no
|key' prompt displayed |'touch security
key' prompt
| |displayed
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jun-07 20:33 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178 --- Comment #1 from Kane <kanepyork at gmail.com> --- This only occurs when the -sk key is added to the agent. Using `SSH_AUTH_SOCK= ssh ...`, a prompt is displayed like normal. Workaround: Block ssh-add from adding -sk keys by default. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jun-26 03:57 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
ssh-agent is able to notify via SSH_ASKPASS. Do you have that
configured?
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Aug-28 03:17 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |WORKSFORME
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Closing; this works for me. If you are able to reproduce this with an
agent configured to use ssh-askpass, then please reopen.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-03 22:53 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #4 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.