[Bug 3606] New: no-touch-required option refused by server

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Aug 22 07:51:13 AEST 2023


            Bug ID: 3606
           Summary: no-touch-required option refused by server
           Product: Portable OpenSSH
           Version: 9.4p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bluebird090909 at proton.me

Using a security key with the option no-touch-required is always
refused by the server with the following message:

error: public key ED25519-SK SHA256:2Rw..... signature for user from port 35614 rejected: user presence (authenticator touch)
requirement not met

To reproduce:

1. generate key:
ssh-keygen -t ed25519-sk -O resident -O verify-required -O
no-touch-required -O application=ssh:test

2. add key to authorized_keys on target server

3. Connect to server with -o IdentityAgent=none (required as workaround
for bug 3572)

connection is refused (no further information on client side)

4. find the above mentioned error message in the journal log

Both Client and Server are running Arch with OpenSSH 9.4 
Used Security Key: Nitrokey 3, Firmware version: v1.5.0

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list