On 2020-02-07 at 15:21 +1100, Damien Miller wrote:
> On Thu, 6 Feb 2020, Phil Pennock wrote:
> > When an ECDSA-SK handle has been loaded into ssh-agent, and you connect
> > to a host, there is no prompt to touch the token beyond a light on the
> > token starting to blink.
[ snip examples ]
> >
> > Can that "Confirm user presence" nudge be made to happen with the agent
> > in play too? It's nice.
>
> So, that should work if the agent has $DISPLAY set and access to
> SSH_ASKPASS - it should pop up a confirmation box that will go away
> as soon as you touch the key.
I don't use ssh-askpass. [1]
I can confirm that with gnome-ssh-askpass installed and configured, I
get a pop-up box.
Is there no way to confirm user presence via the tty when using the
agent? If not, a note to this effect is probably needed in the U2F
docs.
Thanks,
-Phil
[1] I've tried ssh-askpass in the past; my (flawed) recollection now is
that with long-running jobs which would eventually get around to
trying to connect, I'd get interrupted and focus/keystrokes stolen
and it aggravated me. That, or it was frustration at the Gnome
stuff always trying to cache passphrases in login keychains and
checkboxes defaulting to "yes" every time, so I just nuked those
bits from orbit so my "remote access to sensitive systems"
credentials would not be held inappropriately.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
