[Bug 3572] ssh-agent refused operation when using FIDO2 with -O verify-required

bugzilla-daemon at mindrot.org
Tue Jan 2 19:39:50 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3572

--- Comment #17 from chn at chn.moe ---
(In reply to personal from comment #16)
> (In reply to chn from comment #15)
> > Thank you, I tried it and it works. I also tried
> > `systemd-ask-password`, it works too.
> 
> So you have ssh-agent running in a systemd service and it asks you
> for the password using systemd-ask-password on the terminal
> executing `ssh`?
> This is exactly what I want but I could never get it to work. Can
> you show me your config?

Sorry for the late response, I have not checked my email during the
holiday. Happy new year!

I am not sure if my ssh-agent was running in a systemd service or not.
I am using ed25519-sk with discoverable (resident) credentials without
`verify-required` (every time I use my ssh key, I need to tap the metal
thing on my Yubikey 5 NFC, but do not need to enter a PIN code). Here is
my config, hope it is useful.

https://github.com/CHN-beta/nixos/blob/d3f38c3b55676e5a746666a5d07c6d137759066b/modules/packages/server/ssh/default.nix#L103
