Open cedws opened 2 years ago
@bguerout fyi maybe this workaround will work for you
@cedws I had the same problem, it is because of IdentitiesOnly yes
From man ssh_config
IdentityFile
Specifies a file from which the user's DSA, ECDSA, authenticator-hosted ECDSA, Ed25519, authenticator-hosted Ed25519 or RSA
authentication identity is read. The default is ~/.ssh/id_rsa, ~/.ssh/id_ecdsa, ~/.ssh/id_ecdsa_sk, ~/.ssh/id_ed25519,
~/.ssh/id_ed25519_sk and ~/.ssh/id_dsa. Additionally, any identities represented by the authentication agent will be used for
authentication unless IdentitiesOnly is set. If no certificates have been explicitly specified by CertificateFile, ssh(1)
will try to load certificate information from the filename obtained by appending -cert.pub to the path of a specified
IdentityFile.
Arguments to IdentityFile may use the tilde syntax to refer to a user's home directory or the tokens described in the TOKENS
section.
It is possible to have multiple identity files specified in configuration files; all these identities will be tried in
sequence. Multiple IdentityFile directives will add to the list of identities tried (this behaviour differs from that of
other configuration directives).
IdentityFile may be used in conjunction with IdentitiesOnly to select which identities in an agent are offered during
authentication. IdentityFile may also be used in conjunction with CertificateFile in order to provide any certificate also
needed for authentication with the identity.
The significant bits are:
The README recommends using IdentityAgent in your SSH client config. So my SSH config would look like this:
But this doesn't work...
SSH client logs:
yubikey-agent logs:
Version:
Workaround
If I create a file containing the public key in the YubiKey and set my SSH config to this:
I can successfully SSH to a server after touching my YubiKey.
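The interaction discussed in this thread, as an added example (not code from the issue, from yubikey-agent or from OpenSSH): a small checker that resolves `IdentitiesOnly`, `IdentityAgent` and `IdentityFile` for a host from ssh_config text and flags the combination where agent-held keys are not offered. The host names, socket path and key file name are constructed assumptions; `Match` and `Include` are not evaluated.

```python
import fnmatch
import re

# Constructed sample; host names, socket path and key file name are assumptions.
SAMPLE = """\
Host broken.example
    IdentityAgent /tmp/yubikey-agent.sock
    IdentitiesOnly yes

Host fixed.example
    IdentityAgent /tmp/yubikey-agent.sock
    IdentitiesOnly yes
    IdentityFile ~/.ssh/yubikey.pub
"""

def effective(config_text, host):
    """Resolve three options for `host` as ssh_config does: the first value
    obtained wins, except IdentityFile, which accumulates.
    Simplification: Match blocks are skipped and Include is ignored."""
    opts = {"identitiesonly": None, "identityagent": None, "identityfile": []}
    active = True  # lines before the first Host apply to every host
    for raw in config_text.splitlines():
        m = re.match(r"\s*(\w+)(?:\s*=\s*|\s+)(.*)", raw)
        if not m:  # blank line or comment
            continue
        key, value = m.group(1).lower(), m.group(2).strip().strip('"')
        if key == "host":
            pats = value.split()
            pos = [p for p in pats if not p.startswith("!")]
            neg = [p[1:] for p in pats if p.startswith("!")]
            active = (any(fnmatch.fnmatchcase(host, p) for p in pos)
                      and not any(fnmatch.fnmatchcase(host, p) for p in neg))
        elif key == "match":
            active = False
        elif active and key == "identityfile":
            opts[key].append(value)
        elif active and opts.get(key, "") is None:
            opts[key] = value
    return opts

def agent_keys_withheld(opts):
    """True when IdentitiesOnly limits ssh to configured identity files, an
    agent socket is set, and no IdentityFile is configured, so keys held only
    in the agent are not offered."""
    only = (opts["identitiesonly"] or "").lower() in ("yes", "true")
    return only and opts["identityagent"] is not None and not opts["identityfile"]
```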