bugzilla-daemon at mindrot.org
2020-Jun-07 20:11 UTC
[Bug 3178] New: When authenticating with a -sk key, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178 Bug ID: 3178 Summary: When authenticating with a -sk key, no 'touch security key' prompt displayed Product: Portable OpenSSH Version: 8.2p1 Hardware: amd64 OS: Linux Status: NEW Severity: minor Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: kanepyork at gmail.com Created attachment 3408 --> https://bugzilla.mindrot.org/attachment.cgi?id=3408&action=edit Annotated log of ssh -v demonstrating the issue When using a security key login that requires touch, no message is printed by the client or server while waiting for the touch. On security keys that support it, the light begins flashing, but this may be hard to notice. Excerpt from the attached session log: debug1: Offering public key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit authenticator agent debug1: Server accepts key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit authenticator agent [[ Exchange hangs until sk touch ]] Authenticated with partial success. Some component - either the ssh client binary, or the agent - should print a message along the lines of "Please touch your security key." immediately before requesting a signature from a touch-required security key. It may be awkward for the agent to determine the correct terminal to print to, so I suggest the client relying on the touch-required flag. Issue found on Ubuntu 20.04.0 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jun-07 20:31 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178 Kane <kanepyork at gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|When authenticating with a |When authenticating with a |-sk key, no 'touch security |-sk key via agent, no |key' prompt displayed |'touch security key' prompt | |displayed -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jun-07 20:33 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178 --- Comment #1 from Kane <kanepyork at gmail.com> --- This only occurs when the -sk key is added to the agent. Using `SSH_AUTH_SOCK= ssh ...`, a prompt is displayed like normal. Workaround: Block ssh-add from adding -sk keys by default. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2020-Jun-26 03:57 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #2 from Damien Miller <djm at mindrot.org> --- ssh-agent is able to notify via SSH_ASKPASS. Do you have that configured? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2020-Aug-28 03:17 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WORKSFORME --- Comment #3 from Damien Miller <djm at mindrot.org> --- Closing; this works for me. If you are able to reproduce this with an agent configured to use ssh-askpass, then please reopen. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-03 22:53 UTC
[Bug 3178] When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
https://bugzilla.mindrot.org/show_bug.cgi?id=3178 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #4 from Damien Miller <djm at mindrot.org> --- close bugs that were resolved in OpenSSH 8.5 release cycle -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.