Confirm user presence via ssh-agent protocol?
Jesse Hathaway
jesse at mbuki-mvuki.org
Fri Dec 5 02:39:15 AEDT 2025
I have recently switched to using a FIDO backed ssh key which requires a
touch for each key operation. I was surprised to discover that no
feedback is supplied on the terminal to indicate that a touch is
required, instead the connection appears to simply hang. After a bit of
research my understanding is that at present there is no mechanism for
an ssh-agent to indicate to the ssh client that a touch is
required[1] to continue.
I realize there are other ways to notify that a touch is required,
including using another agent, or monitoring the FIDO device directly,
as yubikey-touch-detector does. However, I would really prefer a message
in my terminal. Would it be possible to add a new ssh-agent protocol
message to indicate that a touch is required?
Yours kindly, Jesse Hathaway
[1] https://lists.mindrot.org/pipermail/openssh-unix-dev/2023-October/040974.html
More information about the openssh-unix-dev
mailing list