[Bug 3606] New: no-touch-required option refused by server
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Tue Aug 22 07:51:13 AEST 2023
https://bugzilla.mindrot.org/show_bug.cgi?id=3606
Bug ID: 3606
Summary: no-touch-required option refused by server
Product: Portable OpenSSH
Version: 9.4p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: bluebird090909 at proton.me
Using a security key with the option no-touch-required is always
refused by the server with the following message:
error: public key ED25519-SK SHA256:2Rw..... signature for user from
10.0.2.2 port 35614 rejected: user presence (authenticator touch)
requirement not met
To reproduce:
1. generate key:
ssh-keygen -t ed25519-sk -O resident -O verify-required -O
no-touch-required -O application=ssh:test
2. add key to authorized_keys on target server
3. Connect to server with -o IdentityAgent=none (required as workaround
for bug 3572)
connection is refused (no further information on client side)
4. find the above mentioned error message in the journal log
Both Client and Server are running Arch with OpenSSH 9.4
Used Security Key: Nitrokey 3, Firmware version: v1.5.0
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list