[Bug 3355] no-touch-required flag not restored from hardware token

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Dec 8 15:44:40 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3355

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
(In reply to snegrea from comment #2)
> Thanks for the insight about the FIDO standard. Could you please
> give me a pointer about where to find documentation regarding the
> standard? I did not have much luck searching.

They are at https://fidoalliance.org/specifications/download/ but
aren't especially easy to read unfortunately.

> Is there a way to set no-touch-required flag after the key is
> downloaded from the hardware? The main issue is that while the key
> is/was properly configured in the hardware token there is no way to
> correctly set this flag on the local disk files in the event of a
> restore operation. ssh relies local disk files to pick up this flag
> so if there is another way to correctly set this flag, then this
> becomes a user configuration issue.

Not at present. I'll think about how we could add this...

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list