Call for testing: OpenSSH 8.2

Phil Pennock phil.pennock at globnix.org
Sat Feb 8 04:00:40 AEDT 2020


On 2020-02-07 at 15:21 +1100, Damien Miller wrote:
> On Thu, 6 Feb 2020, Phil Pennock wrote:
> > When an ECDSA-SK handle has been loaded into ssh-agent, and you connect
> > to a host, there is no prompt to touch the token beyond a light on the
> > token starting to blink.
[ snip examples ]
> >
> > Can that "Confirm user presence" nudge be made to happen with the agent
> > in play too?  It's nice.
>
> So, that should work if the agent has $DISPLAY set and access to
> SSH_ASKPASS - it should pop up a confirmation box that will go away
> as soon as you touch the key.

I don't use ssh-askpass. [1]

I can confirm that with gnome-ssh-askpass installed and configured, I
get a pop-up box.

Is there no way to confirm user presence via the tty when using the
agent?  If not, a note to this effect is probably needed in the U2F
docs.

Thanks,
-Phil

[1] I've tried ssh-askpass in the past; my (flawed) recollection now is
    that with long-running jobs which would eventually get around to
    trying to connect, I'd get interrupted and focus/keystrokes stolen
    and it aggravated me.  That, or it was frustration at the Gnome
    stuff always trying to cache passphrases in login keychains and
    checkboxes defaulting to "yes" every time, so I just nuked those
    bits from orbit so my "remote access to sensitive systems"
    credentials would not be held inappropriately.

