bugzilla-daemon at mindrot.org
2023-Aug-21 21:51 UTC
[Bug 3606] New: no-touch-required option refused by server
https://bugzilla.mindrot.org/show_bug.cgi?id=3606 Bug ID: 3606 Summary: no-touch-required option refused by server Product: Portable OpenSSH Version: 9.4p1 Hardware: All OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: bluebird090909 at proton.me Using a security key with the option no-touch-required is always refused by the server with the following message: error: public key ED25519-SK SHA256:2Rw..... signature for user from 10.0.2.2 port 35614 rejected: user presence (authenticator touch) requirement not met To reproduce: 1. generate key: ssh-keygen -t ed25519-sk -O resident -O verify-required -O no-touch-required -O application=ssh:test 2. add key to authorized_keys on target server 3. Connect to server with -o IdentityAgent=none (required as workaround for bug 3572) connection is refused (no further information on client side) 4. find the above mentioned error message in the journal log Both Client and Server are running Arch with OpenSSH 9.4 Used Security Key: Nitrokey 3, Firmware version: v1.5.0 -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-21 22:15 UTC
[Bug 3606] no-touch-required option refused by server
https://bugzilla.mindrot.org/show_bug.cgi?id=3606 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #1 from Damien Miller <djm at mindrot.org> --- Did you specify no-touch-required when you added the key to your authorized_keys file? -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2023-Aug-22 10:19 UTC
[Bug 3606] no-touch-required option refused by server
https://bugzilla.mindrot.org/show_bug.cgi?id=3606 bluebird090909 at proton.me changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |INVALID Status|NEW |RESOLVED --- Comment #2 from bluebird090909 at proton.me --- no-touch-required was missing in the authorized_keys file. Sorry for the noise. -- You are receiving this mail because: You are watching someone on the CC list of the bug. You are watching the assignee of the bug.