OpenSSH not requesting PIN code for YubiKey
Damien Miller
djm at mindrot.org
Mon Jul 13 13:34:37 AEST 2020
On Fri, 10 Jul 2020, Frank Sharkey wrote:
> I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it
> works. However, it does not do PIN enforcement at SSH login. It only
> requests the PIN during the set-up process (when the key is being
> generated). Is that the way it's supposed to work?
Assuming you are using this device as a FIDO token (and not PKCS#11),
this is expected. OpenSSH doesn't yet support requiring PINs for keys
except for a couple of corner cases (e.g. resident keys).
I hope to add this before OpenSSH 8.4.
-d
More information about the openssh-unix-dev
mailing list