On Mon, 16 Oct 2023, openssh@xxxxxxxx wrote: > Hey there, > > I've noticed some unexpected behavior when I occasionally need to forward an ed25519-sk key with ssh-agent. When using the key without an agent, it prompts with a reminder to touch the key: > > $ ssh user@remote > Confirm user presence for key ED25519-SK MD5:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX > User presence confirmed > > But as soon as I add the key to an agent, it now hides that reminder: > > $ ssh-agent /bin/bash > $ ssh-add /path/to/key > Identity added: /path/to/key (ssh:keyname) > $ ssh user@remote > <key starts blinking but no reminder to touch it> > > I first noticed it when forwarding the agent, but it's reproducible locally without forwarding required. > > Some people might prefer to keep the message hidden, which would be okay by me if I could choose to toggle it on. I don't see any options in the various openssh manpages to allow that though. It also seems inconsistent with the expectations set when I use the key without an agent. > > Could you consider adding an option which would allow forcing the message to appear when used with an agent? I think an argument could be made this should be the default behavior, but I'm not going to die on that hill, I'd be content with a configurable toggle. Generally we prefer to use ssh-askpass for agent notifications. Are you able to use that? -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
