What is failing
When leveraging certificate-based authentication, I am unable to get a prompt when accessing the card. I believe this lies in the fact that there is no ssh-askpass as there is in Linux. In pathnames.h line 124 I see a reference to ssh-askpass with Linux pathing, but no matching line for win32.
The certificate authentication works, and agent forwarding is functional, but I would like to get a prompt when accessing the card for security purposes. If I use OpenSSH with Pageant and wsl-ssh-pageant (https://github.com/benpye/wsl-ssh-pageant), I can configure it to prompt (yes/no) on card access.
Expected output
Prompt for Smart Card use, either a yes/no prompt or PIN input.
step 1
ssh-add -c -s 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll'
Enter passphrase for PKCS#11: ********
step 2
ssh -A host.fqdn -l someuser
step 3
some sort of dialogue box with focus prompting for card use (yes/no) or PIN prompt as ssh-askpass works on Linux
Actual output
No dialogue box; forwarding of the cert works. I see the private key in the slot being accessed on my YubiKey by it blinking.
@bpfoley45, since you're using cert-based auth, where the cert is backed by a private key that is stored in a smartcard, a workaround (until ssh-askpass support is introduced) could be to use a smartcard that has support for touch keys, such as a YubiKey (reference). With touch keys, your smartcard will enforce a physical touch before allowing any challenge-response against the key.
From a security standpoint, this is stronger than using a prompt on the client machine since the touch will be enforced by the smartcard's own hardware.
"OpenSSH for Windows" version
8.9.1.0
Client OperatingSystem
Windows 10 Enterprise