From c93aef26356de0a0a8f0cdf3fd2aeb8c5b059e84 Mon Sep 17 00:00:00 2001
From: djm
Date: Fri, 5 Aug 2022 05:01:40 +0000
Subject: [PATCH] don't prompt for FIDO passphrase before attempting to enroll the credential, just let the enroll operating fail and we'll attempt to get a PIN anyway. Might avoid some unneccessary PIN prompts. Part of GHPR#302 from Corinna Vinschen; ok dtucker@
---
 usr.bin/ssh/ssh-keygen.c | 11 ++---------
 1 file changed, 2 insertions(+), 9 deletions(-)
diff --git a/usr.bin/ssh/ssh-keygen.c b/usr.bin/ssh/ssh-keygen.c
index f50d5ae5260..556679d0635 100644
--- a/usr.bin/ssh/ssh-keygen.c
+++ b/usr.bin/ssh/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.457 2022/07/20 03:33:22 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.458 2022/08/05 05:01:40 djm Exp $ */
 /*
 * Author: Tatu Ylonen
 * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -3265,7 +3265,7 @@ usage(void)
 int
 main(int argc, char **argv)
 {
- char comment[1024], *passphrase;
+ char comment[1024], *passphrase = NULL;
 char *rr_hostname = NULL, *ep, *fp, *ra;
 struct sshkey *private, *public;
 struct passwd *pw;
@@ -3775,13 +3775,6 @@ main(int argc, char **argv)
 }
 if ((attest = sshbuf_new()) == NULL)
 fatal("sshbuf_new failed");
- if ((sk_flags &
- (SSH_SK_USER_VERIFICATION_REQD|SSH_SK_RESIDENT_KEY))) {
- passphrase = read_passphrase("Enter PIN for "
- "authenticator: ", RP_ALLOW_STDIN);
- } else {
- passphrase = NULL;
- }
 r = 0;
 for (i = 0 ;;) {
 if (!quiet) {
-- 
2.20.1
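Review bot: The declaration initialiser `*passphrase = NULL` in the second hunk (top of main()) is now the only thing guaranteeing that the enrollment loop starts with no PIN, because the third hunk removes both the prompt and the explicit `passphrase = NULL` that sat directly before `r = 0;`. The hunk headers place the declaration roughly 500 lines above that use, and whether anything in between assigns `passphrase` is not visible here, so I would keep the reset next to the loop: `passphrase = NULL; /* first enroll attempt carries no PIN; prompt only if the authenticator asks */` immediately before `r = 0;`. The loop body that reacts to a failed enroll, and the place where the PIN buffer is cleared, lie outside the hunk, so the retry-then-prompt behaviour described in the commit message cannot be confirmed from these lines.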