ssh-agent hides sk "confirm user presence" message

Jochen Bern Jochen.Bern at binect.de
Mon Oct 16 21:19:15 AEDT 2023


On 16.10.23 04:59, Damien Miller wrote:
> On Mon, 16 Oct 2023, openssh at tr.id.au wrote:
>> When using the key without an agent, it prompts with a reminder to touch the key:
>>
>> $ ssh user@remote
>> Confirm user presence for key ED25519-SK MD5:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX
[...]
>> But as soon as I add the key to an agent, it now hides that reminder
> 
> Generally we prefer to use ssh-askpass for agent notifications.

*Which* ssh-askpass, OpenBSD's (with the "LEDs" underneath and "only" 
the usual range of X11 options), GNOME's (which doesn't react to 
"--help", "-h", or "-?", and doesn't seem to have a manpage, either), or 
KDE's (with a selection of possible options, including "--help", 
"--author", "--license", and Qt-specific ones)?

As far as I know, they would all require a (in the OP's use case, 
*second*) user interaction to close them again, and are pretty much 
unusable for any *multiline* notifications (say, something similar to 
"VisualHostKey=yes") ...

However, IIUC the real problem with the OP's request is that it is 
indeed the *agent* asking (or not ...) the user to complete the 
authentication, whereas in the empty-agent version, it's the *ssh* 
command - which *is* connected to a terminal - doing so. Hence, the 
prompt is not exactly "hidden", but doesn't readily *have* a place to 
show up in.

Kind regards,
-- 
Jochen Bern
Systemingenieur

Binect GmbH