[Bug 3572] ssh-agent refused operation when using FIDO2 with -O verify-required

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Aug 25 09:38:06 AEST 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3572

--- Comment #7 from Damien Miller <djm at mindrot.org> ---
(In reply to bluebird090909 from comment #6)
> I didn't have ssh-askpass installed either, but even after
> installing it and using the steps above, the result was the same.

Well, you didn't follow my instructions so that's not surprising.

> Running on Arch Linux:
> 
> sudo pacman -S x11-ssh-askpass
> env SSH_ASKPASS=/usr/lib/ssh/x11-ssh-askpass ssh-agent $SHELL -l

That's not the right path. I had the correct path in the instructions
in comment #5. Try replacing /usr/lib/ssh/x11-ssh-askpass with
/usr/libexec/openssh/x11-ssh-askpass.

> Shouldn't entering the pin on the terminal work as well? It works
> during key registration at least, so I don't get why ssh-askpass
> would be required?

Because ssh-agent is a daemon process that isn't connected to the
terminal.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list