[Bug 3572] ssh-agent refused operation when using FIDO2 with -O verify-required

bugzilla-daemon at mindrot.org
Sun Dec 24 00:45:44 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3572

personal at ilanjoselevich.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |personal at ilanjoselevich.com

--- Comment #10 from personal at ilanjoselevich.com ---
Created attachment 3778
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3778&action=edit
two terminals running ssh and ssh-agent

I really want to use ssh-agent with my FIDO2 (PIN) protected ssh key
but it seems that it requires you to use a GUI SSH_ASKPASS. I played
around with it a bit and figured out that the reason why it needs a GUI
SSH_ASKPASS is because it executes it inside the ssh-agent's process
and tty, meaning that it will just fail once it asks for a password on
the terminal because it is non-interactive.

I wonder if it's possible for ssh to run the SSH_ASKPASS on the
client's terminal rather than on the agent and pass the output back to
the agent.

I attached an image of the two terminals to the side, one running the
agent, and one running `ssh`.
