On Fri, 10 Jul 2020, Frank Sharkey wrote: > I set up the YubiKey with OpenSSH 8.2 (Ubuntu client and server) and it > works. However, it does not do PIN enforcement at SSH login. It only > requests the PIN during the set-up process (when the key is being > generated). Is that the way it's supposed to work? Assuming you are using this device as a FIDO token (and not PKCS#11), this is expected. OpenSSH doesn't yet support requiring PINs for keys except for a couple of corner cases (e.g. resident keys). I hope to add this before OpenSSH 8.4. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
