ssh-agent hides sk "confirm user presence" message

openssh at tr.id.au
Mon Oct 16 14:58:13 AEDT 2023


> Is there something I've overlooked or misunderstood?

Okay, digging into it a bit more, I think I can see why you'd balk at my request :)

When I run the agent in debug mode (ssh-agent -d) I can see the request for user presence now appears:

```
$ ssh-agent -d
SSH_AUTH_SOCK=/tmp/ssh-XXXXXXXXXXXX/agent.XXXXX; export SSH_AUTH_SOCK;
...
debug2: process_extension: entering
debug2: process_ext_session_bind: entering
debug1: process_ext_session_bind: recorded ED25519 SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX (slot 0 of 16)
debug1: process_message: socket 1 (fd=4) type 11
debug2: process_request_identities: entering
debug3: identity_permitted: entering: key ED25519-SK comment "ssh:keyname", 1 socket bindings, 0 constraints
debug2: process_request_identities: replying with 1 allowed of 1 available keys
debug1: process_message: socket 1 (fd=4) type 13
debug1: process_sign_request2: entering
Confirm user presence for key ED25519-SK SHA256:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
```

So I guess the problem is, no good way exists for the agent to pass that request back to the same terminal where I am invoking the ssh client?

In that case, do any examples exist of how to get the agent to detect when "Confirm user presence" is being requested, and I suppose use SSH_ASKPASS to expose the message?

~ Tim



More information about the openssh-unix-dev mailing list