[Bug 3607] New: Redundant "Confirm user presence"

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Tue Aug 22 08:14:07 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3607

            Bug ID: 3607
           Summary: Redundant "Confirm user presence"
           Product: Portable OpenSSH
           Version: 9.4p1
          Hardware: All
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh
          Assignee: unassigned-bugs at mindrot.org
          Reporter: bluebird090909 at proton.me

Connecting with a security key results in the following behavior:

$ ssh tester at testserver 
Confirm user presence for key ED25519-SK SHA256:7eZ...
Enter PIN for ED25519-SK key /home/user/.ssh/id_ed25519_sk-test:
(Pin is entered)
Confirm user presence for key ED25519-SK SHA256:7eZ...
(Authenticator touched)



To clarify: 
After initiating the connection, I get the following two lines
immediately:

Confirm user presence for key ED25519-SK SHA256:7eZ...
Enter PIN for ED25519-SK key /home/user/.ssh/id_ed25519_sk-test:

I then enter the PIN and get the next line:

Confirm user presence for key ED25519-SK SHA256:7eZ...

Then I touch the device (once) and am logged in
I never need to touch the device twice to login.


The key was generated with the following:

ssh-keygen -t ed25519-sk -O resident -O verify-required -O
application=ssh:test



Both Client and Server are running Arch with OpenSSH 9.4 
Used Security Key: Nitrokey 3, Firmware version: v1.5.0

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list