[Bug 3864] "Confirm user presence for key" shown twice when using a security key
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Mon Sep 15 12:33:00 AEST 2025
https://bugzilla.mindrot.org/show_bug.cgi?id=3864
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Could you attach a debug log from "ssh -vvv user at host"
The fundamental problem here is that we don't know beforehand whether a
FIDO operation is going to succeed before we try it, and most FIDO
operations block. So we have to show the warning, but in some bases the
token returns immediately with a failure and we have to retry, which
causes a 2nd notification to be shown.
E.g. in your case, it tries once initially. The token is probably
replying with the error status "needs user verification" (i.e. PIN) and
so we retry with the PIN and it succeeds.
If this is the situation, then fixing it is pretty tricky. We haven't
figured out a nice way to do it yet.
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list