![]() ssh-keygen -vvv -y -f AAAAGnNrLX.mAAAABHNzaDo= sk_application: "ssh:", sk_flags 0x01 Using ssh-keygen compiled from the OpenSSH 9.0p1 portable source, I can see that the public key has the flags set to 0x1 (user presence required): $. I am using the default ssh-agent and I can see the key listed in the 'Passwords and keys' application in Gnome under 'OpenSSH keys'. ![]() This is on Ubuntu 20.04.4 LTS with OpenSSH 8.2p1 (and Git 2.28.0). The issue I have with this behavior is I don't know whether the SSH client is waiting for the network/server/proxy or for me to touch the key. When using the key for Git operations like git clone or git pull, it just silently waits for the key tap. Once I touch it, the SSH login succeeds with that key and the subsequent messages will be: debug1: Authentication succeeded (publickey). explicit authenticator agentĪt which point the Yubikey starts flashing. explicit authenticator agentĭebug1: Server accepts key: /./.ssh/id_ed25519-sk ED25519-SK SHA256. In verbose mode the SSH client displays: debug1: Authentications that can continue: publickeyĭebug1: Next authentication method: publickeyĭebug1: Offering public key: /./.ssh/id_ed25519-sk ED25519-SK SHA256. When using the key for establishing a SSH connection however, there is no message about requiring to touch the key like on the Github blog Security keys are now supported for SSH Git operations: Confirm user presence for key. I have created SSH key on Yubikey 5 Nano using FIDO2: ssh-keygen -t ed25519-sk -f ~/.ssh/id_ed25519-sk ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |