[Bug 3366] SSH should skip sk-* keys that don't match the connected security key
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Nov 22 13:48:21 AEDT 2021
https://bugzilla.mindrot.org/show_bug.cgi?id=3366
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
There is no way to test whether a given FIDO key handle belongs to a
particular token without trying to make a signature using one, so that
is what we do. If they key doesn't match the token, then the token
should not require a touch to return an error.
What tokens are you using? Can you capture a debug log (ssh -vvv ...)
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list