Displaying 20 results from an estimated 20000 matches similar to: "ssh-agent hides sk "confirm user presence" message"
2023 Oct 16
2
ssh-agent hides sk "confirm user presence" message
On Mon, 16 Oct 2023, openssh at tr.id.au wrote:
> Hey there,
>
> I've noticed some unexpected behavior when I occasionally need to forward an ed25519-sk key with ssh-agent. When using the key without an agent, it prompts with a reminder to touch the key:
>
> $ ssh user at remote
> Confirm user presence for key ED25519-SK MD5:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
2023 Oct 16
2
ssh-agent hides sk "confirm user presence" message
Hey Damien,
> Generally we prefer to use ssh-askpass for agent notifications. Are you able to use that?
Hmm, okay, but it's not clear to me how to make that work. Is what you have in mind documented somewhere? I don't see this specific situation covered in the manpages and a web search doesn't turn up much.
I thought ssh-askpass was only invoked when the key is first added to the
2023 Oct 16
1
ssh-agent hides sk "confirm user presence" message
On 16.10.23 04:59, Damien Miller wrote:
> On Mon, 16 Oct 2023, openssh at tr.id.au wrote:
>> When using the key without an agent, it prompts with a reminder to touch the key:
>>
>> $ ssh user at remote
>> Confirm user presence for key ED25519-SK MD5:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
[...]
>> But as soon as I add the key to an agent, it now hides that
2020 Jan 11
2
interoperability issue with agent and ecdsa-sk keys
Hi,
It seems that some versions of ssh-agent get confused by ECDSA-SK
keys.
>From my OpenBSD-current laptop, I'm trying to do remote system
adminstration on a machine running Debian 8 with
the stock ssh package (OpenSSH_6.7p1 Debian-5+deb8u8, OpenSSL 1.0.2l
25 May 2017). I need access to a remote gitlab server to fetch files
with git, using an ED25519 key in my ssh-agent.
Once connected
2019 Dec 07
2
Agent protocol changes related to U2F/FIDO2 keys
I spent some time today implementing support for loading U2F keys into the SSH agent from my AsyncSSH library. I got it working, but along the way I ran into a few issues I wanted to report:
First, it looks like the value of SSH_AGENT_CONSTRAIN_EXTENSION has changed from the value 3 defined at https://tools.ietf.org/html/draft-miller-ssh-agent-02
2015 Jan 09
2
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
On Fri, Jan 09, 2015 at 13:00:10 -0800, grantksupport at operamail.com wrote:
> Hi
>
> On Fri, Jan 9, 2015, at 12:34 PM, Mark Hahn wrote:
> > >> The one you are missing is EnableSSHKeysign.
> >
> > I suppose it's worth asking: is your ssh-keysign suid root
> > (and are the permissions on your host keys sufficiently tight)?
>
> Note that
2015 Oct 08
3
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
Thomas Calderon <calderon.thomas at gmail.com> writes:
> Hi,
>
> There is no need to add new mechanism identifiers to use specific curves.
>
> This can be done already using the CKM_ECDSA mechanism parameters (see
> CKA_ECDSA_PARAMS
> in the standard).
> Given that the underlying HW or SW tokens supports Ed25519 curves, then you
> could leverage it even with
2023 May 14
18
[Bug 3572] New: ssh-agent refused operation when using FIDO2 with -O verify-required
https://bugzilla.mindrot.org/show_bug.cgi?id=3572
Bug ID: 3572
Summary: ssh-agent refused operation when using FIDO2 with -O
verify-required
Product: Portable OpenSSH
Version: 9.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component:
2015 Oct 08
2
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
On 10/8/2015 4:49 AM, Simon Josefsson wrote:
> Mathias Brossard <mathias at brossard.org> writes:
>
>> Hi,
>>
>> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
>> support of ssh-agent which will be of interest to other users.
>
> Nice! What would it take to add support for Ed25519 too? Do we need to
> allocate any new PKCS#11
2015 Jan 09
4
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
On Fri, Jan 09, 2015 at 12:22:00 -0800, grantksupport at operamail.com wrote:
> @client
>
> as root (as before)
>
> ssh server.DOMAIN.COM
> Permission denied (hostbased).
>
> instead, as my user, fails differently for some reason,
>
> ssh server.DOMAIN.COM
> ...
> no matching hostkey found for key ED25519
2021 Jan 18
4
[Bug 3253] New: ssh-keygen man page still lists deprecated key types for -t
https://bugzilla.mindrot.org/show_bug.cgi?id=3253
Bug ID: 3253
Summary: ssh-keygen man page still lists deprecated key types
for -t
Product: Portable OpenSSH
Version: 8.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: minor
Priority: P5
Component: ssh-keygen
2020 Jul 21
11
[RFC PATCH 0/4] PAM module for ssh-agent user authentication
Hi,
The main (and probably the only) use case of this PAM module is to let
sudo authenticate users via their ssh-agent, therefore without having
to type any password and without being tempted to use the NOPASSWD sudo
option for such convenience.
The principle is originally implemented by an existing module [0][1]
and many pages that explain how to use it for such purpose can be
found online.
2023 Jun 05
8
[Bug 3577] New: CASignatureAlgorithms supports -cert alogrithms
https://bugzilla.mindrot.org/show_bug.cgi?id=3577
Bug ID: 3577
Summary: CASignatureAlgorithms supports -cert alogrithms
Product: Portable OpenSSH
Version: 9.3p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at
2008 May 02
4
Functions vs. Module Plugins vs. Facts
Hey all,
I am trying to get a modified hostname (converting "blah-1234567" to
"1234567") to use in my manifests and templates. I have it working for
templates by using Ruby (*<%= hostname.split(''-'').pop.downcase %>*) but I
haven''t been able to use it in manifests because they don''t process ERB.
The way I see it I could do one of two
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
I run OpenSSH on linux
@ client
which ssh
/usr/local/bin/ssh
ssh -v
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
@ server
which sshd
/usr/local/bin/sshd
sshd -v
unknown option -- V
OpenSSH_6.7p1, OpenSSL 1.0.1j 15 Oct 2014
usage: sshd [-46DdeiqTt] [-b bits] [-C connection_spec] [-c host_cert_file]
[-E log_file] [-f config_file] [-g login_grace_time]
2015 Jan 09
5
OpenSSH_6.7p1 hostbased authentication failing on linux->linux connection. what's wrong with my config?
Hi,
On Fri, Jan 9, 2015, at 10:48 AM, Tim Rice wrote:
> My ssh_config has
> Host *
> HostbasedAuthentication yes
> EnableSSHKeysign yes
> NoHostAuthenticationForLocalhost yes
>
> NoHostAuthenticationForLocalhost is not necessary.
> The one you are missing is EnableSSHKeysign.
>
> Additionally, you made no mention of your ssh_known_hosts files. Make
> sure
2024 Sep 11
4
[Bug 3733] New: "forced command options do not match" after key error
https://bugzilla.mindrot.org/show_bug.cgi?id=3733
Bug ID: 3733
Summary: "forced command options do not match" after key error
Product: Portable OpenSSH
Version: 9.8p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: sshd
Assignee:
2024 Oct 18
2
Confusion using "ssh-add -D" and then "ssh-add -l"
I'm confused by the following:-
rcfg at q957$ ssh-add -l
256 SHA256:gl9l9m/xnYpL9P7WkL60L+FcJ0+r2c5Ci770p9VEC08 chris at q957 (ED25519)
256 SHA256:4XDYbepg8zK43pofpQ8IGxMAXkej298a0XZHWjJTIQQ chris at q957 (ED25519)
3072 SHA256:yeQw8xe9rrxHKLqICoXNwReZKKV9HI1UeTCf95QywXM chris at t470 (RSA)
256 SHA256:dluRgJeTqJ32jKxRrSdjr/cibbIOZQeq8Inlna3+Sdw chris at q957 (ED25519)
2012 Dec 24
3
Not able to install puppet enterprise onn agent node using install command.
Hi,
I have created an agent node from a master node using below command.
puppet node_aws create --image ami-cc5af9a5 --keyname icos-client --type
ti.micro
Now as i am trying to install puppet on it using below command
puppet node install \
--install-script=puppet-
enterprise \
--installer-payload=/usr/local/puppet/puppet-2.7.0.tar.gz \
--installer-answers=/usr/local/puppet/agent.txt \
2014 Dec 23
3
chaining AUTH methods -- adding GoogleAuthenticator 2nd Factor to pubkey auth? can't get the GA prompt :-/
On Sun, Dec 21, 2014 at 5:25 PM, Damien Miller <djm at mindrot.org> wrote:
> On Fri, 19 Dec 2014, Dmt Ops wrote:
>
> > I added an EXPLICIT
> >
> > AuthenticationMethods publickey,keyboard-interactive
> > + UsePam yes
> >
> > to sshd_config. Now, at connect attempt I get
> >
> > Password:
> > Verification code:
> >