Cloning with authentication via FIDO2 SSH security key fails #68
Comments
|
Phew, I guess you'd have to configure libgit2 for interactive cloning. I guess this would involve some callbacks in git-rs' As a sidenote: What would your workflow look like? If you clone a lot of repositories, you'd have to touch your Yubikey for each one. I guess you are using private repositories (or have |
|
Thanks for looking at this @hakoerber, and for pointers. I'm not proficient with Rust, although wanted to have a closer look for a while (I guess this might be a good opportunity 🤣). Yes, I'm using private repos, and as mentioned, GitHub only allows keys with mandatory touch. Good point about requiring multiple touches for each repo, that's is certainly a bummer and I don't have a good answer for that. Ideal would be smth. like |
Cloning git repo while using FIDO2 security key (Yubikey 5c)12 for authentication fails with the following error:
I'm using Yubikey configured in native FIDO2 security key mode for authentication, via ssh-agent. Cloning the same repo directly with
git clonecommand works fine.I'm guessing that the issue is that the key requires touch (this is mandatory, GitHub currently does not support using keys without user presence confirmation). It will not fail immediately, but hang for a while. I.e. it seems like it's waiting for the touch confirmation until some timeout.
With normal
git clonethe command will print an interactive prompt, e.g.:and wait for user touching the key. Once done, it will print confirmation:
I'm using grm
0.7.15.Footnotes
https://github.blog/2021-05-10-security-keys-supported-ssh-git-operations/ ↩
https://www.yubico.com/blog/github-now-supports-ssh-security-keys/ ↩
The text was updated successfully, but these errors were encountered: