Bug 3178 - When authenticating with a -sk key via agent, no 'touch security key' prompt displayed
Status: CLOSED WORKSFORME
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: ssh
Version: 8.2p1
Hardware: amd64 Linux
Importance: P5 minor
Assignee: Assigned to nobody
Reported: 2020-06-08 06:11 AEST by Kane
Modified: 2021-03-04 09:53 AEDT

Attachments
Annotated log of ssh -v demonstrating the issue (3.51 KB, text/plain)
2020-06-08 06:11 AEST, Kane

Description Kane 2020-06-08 06:11:50 AEST
Created attachment 3408
Annotated log of ssh -v demonstrating the issue

When using a security key login that requires touch, no message is printed by the client or server while waiting for the touch. On security keys that support it, the light begins flashing, but this may be hard to notice.

Excerpt from the attached session log:

debug1: Offering public key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit authenticator agent
debug1: Server accepts key: /home/kane/.ssh/id_ecdsa_sk ECDSA-SK SHA256:1bjhZUm1GLemKIhbwX33nP4zpLuW3VBPdH9kN1LH0bU explicit authenticator agent
[[ Exchange hangs until sk touch ]]
Authenticated with partial success.

Some component - either the ssh client binary, or the agent - should print a message along the lines of "Please touch your security key." immediately before requesting a signature from a touch-required security key. It may be awkward for the agent to determine the correct terminal to print to, so I suggest the client relying on the touch-required flag.

Issue found on Ubuntu 20.04.0
Comment 1 Kane 2020-06-08 06:33:14 AEST
This only occurs when the -sk key is added to the agent. Using `SSH_AUTH_SOCK= ssh ...`, a prompt is displayed like normal.

Workaround: Block ssh-add from adding -sk keys by default.
Comment 2 Damien Miller 2020-06-26 13:57:27 AEST
ssh-agent is able to notify via SSH_ASKPASS. Do you have that configured?
Comment 3 Damien Miller 2020-08-28 13:17:28 AEST
Closing; this works for me. If you are able to reproduce this with an agent configured to use ssh-askpass, then please reopen.
Comment 4 Damien Miller 2021-03-04 09:53:58 AEDT
close bugs that were resolved in OpenSSH 8.5 release cycle