https://bugzilla.mindrot.org/show_bug.cgi?id=3572

--- Comment #8 from bluebird090...@proton.me ---
The path /usr/libexec/ does not exist on Arch Linux, but
/usr/lib/ssh/x11-ssh-askpass is available.

However, I did manage to get the PIN entry to work on Arch using the
x11-ssh-askpass package on a fresh Arch installation.

Your instructions also worked on a fresh Debian Bookworm after
installing the ssh-askpass-gnome package, and I can use the agent with
the FIDO2 key and PIN verification.

In both cases I had to define SSH_ASKPASS first.


Eventually I found out that the reason ssh-askpass didn't work
initially on my Arch setup was because I had this set in my bashrc:

export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/ssh-agent.socket"

while I also had this systemd service:

[Unit]
Description=SSH key agent

[Service]
Type=simple
Environment=SSH_AUTH_SOCK=%t/ssh-agent.socket
ExecStart=/usr/bin/ssh-agent -D -t 1h -a $SSH_AUTH_SOCK

[Install]
WantedBy=default.target

Removing this export from my bashrc results in ssh-askpass successfully
requesting the PIN. (And I'm very confused why that is.)
Note that SSH_AUTH_SOCK is available as an environment variable in both
cases, but setting it in bashrc seems to prevent askpass from working
for some reason.

To conclude, setting SSH_ASKPASS allows the agent to successfully
request the PIN when using FIDO2 keys with verify-required.
