On 2024-09-11, WATANABE Takeo <t...@kasaneiro.jp> wrote: > on Tue, 10 Sep 2024 20:22:40 +0200 > Mike Fischer <fischer+o...@lavielle.com> wrote: > >> The easiest way to test whether pf(4) is interfering with your YubiKey is to >> temporarily turn off pf(4) (`doas pfctl -d`) and test. If the problem >> persists then pf(4) is not the cause. >> Turn pf(4) back on again after your test (`doas pfctl -e` or `doas reboot`). > > When pf was disabled, the problem no longer occurred. > > I also discovered, through trial and error, that > If I change the SSH port back to the default 22, the problem goes away. > the problem no longer occurs, even with pf enabled.
It doesn't make sense that either changing the port or disabling/enabling PF would make any difference as to whether SSH accepts Fido2 authentication. Perhaps something else is happening and it's a coincidence that it happens at the same time as you adjust configuration? Is there anything relevant in /var/log/authlog? -- Please keep replies on the mailing list.
