search for: cc79

...is required [0]. > > ssh-agent will prompt via $SSH_ASKPASS if you have it configured. Evidently my setup has some problem, I don't see any dialog. I'll investigate. Thanks. Dom -- rsa4096: 3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13 ed25519: FFB4 0CC3 7F2E 091D F7DA 356E CC79 2832 ED38 CB05

...d for educating users towards better solutions, when available, and anyway practically improve the security of the status quo. Superior solutions are not very useful if not widely adopted. Dom -- rsa4096: 3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13 ed25519: FFB4 0CC3 7F2E 091D F7DA 356E CC79 2832 ED38 CB05

...e protocol extension yet to be implemented), then it would show a prompt just before requesting the operation to the agent server. Dom [0] https://tools.ietf.org/html/draft-miller-ssh-agent-04 -- rsa4096: 3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13 ed25519: FFB4 0CC3 7F2E 091D F7DA 356E CC79 2832 ED38 CB05

...also asking to the Linux PAM people to double-check my usage of PAM. Regards, Domenico [0] https://github.com/jbeverly/pam_ssh_agent_auth [1] https://sourceforge.net/projects/pamsshagentauth/ -- rsa4096: 3B10 0CA1 8674 ACBA B4FE FCD2 CE5B CF17 9960 DE13 ed25519: FFB4 0CC3 7F2E 091D F7DA 356E CC79 2832 ED38 CB05

I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it works. However, it does not do PIN enforcement at SSH login. It only requests the PIN during the set-up process (when the key is being generated). Is that the way it's supposed to work? Frank

How 'bout PAM? /usr/ports/security/pam_ldap. If you have machines that can't do PAM, perhaps NIS is the way to go (assuming, of course, you're behind a firewall). You can store login information in LDAP like you want, then use a home-grown script to extract the information to a NIS map. Or, if you have a Solaris 8 machine lying around, you can cut out the middle step and use