On Sun, 10 Oct 2021, Jeremy Hansen wrote: > I’m evaluating the new Yubikey Bio keys and there’s some issues I > don’t quite understand regarding presense touch and actual finger > print verification. > > If I load the resident key (i.e. ssh-add -K), things seem to work > as expected and the wrong finger print results in dropping down to > another authentication method. > > If I don’t use ssh-add -K, then it seems ssh only verifies presense. > I basically want to enforce proper fingerprint recognition always. Is > there a way to do this? Yes, you need to specify -Overify-required on the ssh-keygen command- line when generating the key. -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
