[Bug 3572] ssh-agent refused operation when using FIDO2 with -O verify-required

bugzilla-daemon at mindrot.org
Wed Dec 27 20:56:33 AEDT 2023


https://bugzilla.mindrot.org/show_bug.cgi?id=3572

chn at chn.moe changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |chn at chn.moe

--- Comment #11 from chn at chn.moe ---
(In reply to personal from comment #10)
> Created attachment 3778 [details]
> two terminals running ssh and ssh-agent
> 
> I really want to use ssh-agent with my FIDO2 (PIN) protected ssh key
> but it seems that it requires you to use a GUI SSH_ASKPASS. I played
> around with it a bit and figured out that the reason why it needs a
> GUI SSH_ASKPASS is because it executes it inside the ssh-agent's
> process and tty, meaning that it will just fail once it asks for a
> password on the terminal because it is non-interactive.
> 
> I wonder if it's possible for ssh to run the SSH_ASKPASS on the
> client's terminal rather than on the agent and pass the output back
> to the agent.
> 
> I attached an image of the two terminals to the side, one running
> the agent, and one running `ssh`.

Have you finally made it work? It seems you are using NixOS; would you
mind sharing the corresponding configs?
