Re: Call for testing: OpenSSH 8.2

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On 2020-02-07 at 15:21 +1100, Damien Miller wrote:
> On Thu, 6 Feb 2020, Phil Pennock wrote:
> > When an ECDSA-SK handle has been loaded into ssh-agent, and you connect
> > to a host, there is no prompt to touch the token beyond a light on the
> > token starting to blink.
[ snip examples ]
> >
> > Can that "Confirm user presence" nudge be made to happen with the agent
> > in play too?  It's nice.
>
> So, that should work if the agent has $DISPLAY set and access to
> SSH_ASKPASS - it should pop up a confirmation box that will go away
> as soon as you touch the key.

I don't use ssh-askpass. [1]

I can confirm that with gnome-ssh-askpass installed and configured, I
get a pop-up box.

Is there no way to confirm user presence via the tty when using the
agent?  If not, a note to this effect is probably needed in the U2F
docs.

Thanks,
-Phil

[1] I've tried ssh-askpass in the past; my (flawed) recollection now is
    that with long-running jobs which would eventually get around to
    trying to connect, I'd get interrupted and focus/keystrokes stolen
    and it aggravated me.  That, or it was frustration at the Gnome
    stuff always trying to cache passphrases in login keychains and
    checkboxes defaulting to "yes" every time, so I just nuked those
    bits from orbit so my "remote access to sensitive systems"
    credentials would not be held inappropriately.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux