[Bug 3366] SSH should skip sk-* keys that don't match the connected security key

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Nov 22 13:48:21 AEDT 2021


https://bugzilla.mindrot.org/show_bug.cgi?id=3366

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
There is no way to test whether a given FIDO key handle belongs to a
particular token without trying to make a signature using one, so that
is what we do. If they key doesn't match the token, then the token
should not require a touch to return an error.

What tokens are you using? Can you capture a debug log (ssh -vvv ...)

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list