Fido2 sometimes prompts for PIN

I’m trying to understand why my fido2 configuration only asks for a PIN sometimes…

Is there a way to force it to ask for PIN every time?

jeremy@macbook-pro ~ % ssh -A -l root -i ~/.ssh/id_ed25519_sk test.domain.intra
Confirm user presence for key ED25519-SK SHA256:8KYU2Ekxqudg3lwWiSvR9haxH9rNZKPEzKykKLA3jvc
User presence confirmed
Last login: Thu Aug 25 01:56:34 2022 from 192.168.10.95
[root@test ~]# logout
Connection to test.domain.intra closed.
jeremy@macbook-pro ~ % ssh -A -l root -i ~/.ssh/id_ed25519_sk test.domain.intra
Confirm user presence for key ED25519-SK SHA256:8KYU2Ekxqudg3lwWiSvR9haxH9rNZKPEzKykKLA3jvc
User presence confirmed
Last login: Thu Aug 25 01:56:40 2022 from 192.168.10.95
[root@test ~]# logout
Connection to test.domain.intra closed.
jeremy@macbook-pro ~ % ssh -A -l root -i ~/.ssh/id_ed25519_sk test.domain.intra
Confirm user presence for key ED25519-SK SHA256:8KYU2Ekxqudg3lwWiSvR9haxH9rNZKPEzKykKLA3jvc
User presence confirmed
Last login: Thu Aug 25 01:56:44 2022 from 192.168.10.95
[root@test ~]# logout
Connection to test.domain.intra closed.
jeremy@macbook-pro ~ % ssh -A -l root -i ~/.ssh/id_ed25519_sk test.domain.intra
Confirm user presence for key ED25519-SK SHA256:8KYU2Ekxqudg3lwWiSvR9haxH9rNZKPEzKykKLA3jvc
Enter PIN for ED25519-SK key /Users/jeremy/.ssh/id_ed25519_sk:
Confirm user presence for key ED25519-SK SHA256:8KYU2Ekxqudg3lwWiSvR9haxH9rNZKPEzKykKLA3jvc
User presence confirmed
Last login: Thu Aug 25 01:56:47 2022 from 192.168.10.95
[root@test ~]#

and when it does actually ask for PIN, it follows the PIN entry up with another touch request.

Server is 8.8p1, client is 9.0p1.

Distro is CentOS 8.6 on the server and MacOS on the client.

Thanks
-jeremy

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
