thr3ads.net - openssh bugs - [Bug 3606] New: no-touch-required option refused by server [Aug 2023]

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at mindrot.org

2023-Aug-21 21:51 UTC

[Bug 3606] New: no-touch-required option refused by server

https://bugzilla.mindrot.org/show_bug.cgi?id=3606

            Bug ID: 3606
           Summary: no-touch-required option refused by server
           Product: Portable OpenSSH
           Version: 9.4p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bluebird090909 at proton.me

Using a security key with the option no-touch-required is always
refused by the server with the following message:

error: public key ED25519-SK SHA256:2Rw..... signature for user from
10.0.2.2 port 35614 rejected: user presence (authenticator touch)
requirement not met



To reproduce:


1. generate key:
ssh-keygen -t ed25519-sk -O resident -O verify-required -O
no-touch-required -O application=ssh:test

2. add key to authorized_keys on target server

3. Connect to server with -o IdentityAgent=none (required as workaround
for bug 3572)

connection is refused (no further information on client side)

4. find the above mentioned error message in the journal log


Both Client and Server are running Arch with OpenSSH 9.4 
Used Security Key: Nitrokey 3, Firmware version: v1.5.0

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

bugzilla-daemon at mindrot.org

2023-Aug-21 22:15 UTC

head link

[Bug 3606] no-touch-required option refused by server

https://bugzilla.mindrot.org/show_bug.cgi?id=3606

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Did you specify no-touch-required when you added the key to your
authorized_keys file?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

bugzilla-daemon at mindrot.org

2023-Aug-22 10:19 UTC

head link

[Bug 3606] no-touch-required option refused by server

https://bugzilla.mindrot.org/show_bug.cgi?id=3606

bluebird090909 at proton.me changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|NEW                         |RESOLVED

--- Comment #2 from bluebird090909 at proton.me ---
no-touch-required was missing in the authorized_keys file.

Sorry for the noise.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

openssh bugs - Aug 2023 - [Bug 3606] New: no-touch-required option refused by server

[Bug 3606] New: no-touch-required option refused by server

[Bug 3606] no-touch-required option refused by server

[Bug 3606] no-touch-required option refused by server