[Bug 3572] ssh-agent refused operation when using FIDO2 with -O verify-required

bugzilla-daemon at mindrot.org
Tue Jan 2 23:06:19 AEDT 2024


https://bugzilla.mindrot.org/show_bug.cgi?id=3572

--- Comment #18 from personal at ilanjoselevich.com ---
(In reply to chn from comment #17)
> I am not sure if my ssh-agent was running in a systemd service or
> not. I am using ed25519-sk with discoverable (resident) credentials
> without `verify-required` (every time I use my ssh key, I need to tap
> the metal thing on my Yubikey 5 NFC, but do not need to enter PIN
> code). Here is my config, hope it is useful.
> 
> https://github.com/CHN-beta/nixos/blob/d3f38c3b55676e5a746666a5d07c6d137759066b/modules/packages/server/ssh/default.nix#L103

It is running inside a systemd service. Since you are not using a FIDO2
PIN, you don't need an askpass. I do use a FIDO2 PIN, which is why I
can't get systemd-ask-password to work, since it's a terminal-based
askpass and it gets executed in the systemd service as I've previously.
