Package: openssh-client Version: 1:9.2p1-2 Severity: normal X-Debbugs-Cc: a...@koalatux.ch
Dear Maintainer, I am using a hardware token supporting FIDO2 for SSH. The hardware token requires presence for every SSH connection. The ssh-agent starts ssh-askpass to notify the user that presence is required. This works well with X11, but with wayland no notification appears, but touching the hardware token still works and the SSH connection can still be established successfully. Looking into the code[1] reveals that ssh-agent is checking for the DISPLAY environment variable, otherwise it won't even start ssh-askpass. As a work-around I now start ssh-agent with the env variable SSH_ASKPASS_REQUIRE set to "force", I achieved this by creating the file /etc/systemd/user/ssh-agent.service.d/override.conf with these two lines as content: [Service] Environment="SSH_ASKPASS_REQUIRE=force" At least with ksshaskpass as the selected alternative for ssh-askpass this works. Kind regards, Adi [1]: https://sources.debian.org/src/openssh/1%3A9.2p1-2/readpass.c/#L264-L269 -- System Information: Debian Release: 12.0 APT prefers stable-security APT policy: (500, 'stable-security'), (500, 'stable-debug'), (500, 'proposed-updates-debug'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.1.0-9-amd64 (SMP w/8 CPU threads; PREEMPT) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages openssh-client depends on: ii adduser 3.134 ii libc6 2.36-9 ii libedit2 3.1-20221030-2 ii libfido2-1 1.12.0-2+b1 ii libgssapi-krb5-2 1.20.1-2 ii libselinux1 3.4-1+b6 ii libssl3 3.0.9-1 ii passwd 1:4.13+dfsg1-1+b1 ii zlib1g 1:1.2.13.dfsg-1 Versions of packages openssh-client recommends: ii xauth 1:1.1.2-1 Versions of packages openssh-client suggests: pn keychain <none> ii ksshaskpass [ssh-askpass] 4:5.27.5-2 pn libpam-ssh <none> pn monkeysphere <none> -- Configuration Files: /etc/ssh/ssh_config changed [not included] -- no debconf information