[Bug 2635] Unable to use SSH Agent and user level PKCS11Provider configuration directive
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Feb 23 01:24:10 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Jakub Jelen <jjelen at redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jjelen at redhat.com
--- Comment #8 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 3126
--> https://bugzilla.mindrot.org/attachment.cgi?id=3126&action=edit
Tail of openSC debug log
I believe this is not a problem of OpenSSH, but of the PKCS#11 module,
which is not correctly handling the concurrent access from two separate
processes (ssh and ssh-pkcs11-helper of ssh-agent).
I can reproduce the same issue with latest OpenSC and OpenSSH. Running
the current OpenSC in debug mode, shows similar errors as in the
attachment, while running the ssh-agent in debug mode and adding the
latest OpenSC pkcs11 module:
OPENSC_DEBUG=9 ssh-agent -d
I just tested the same case with the patch proposed in OpenSC upstream
PR [1] and it seems to resolving the problem.
This is also related to the recent change in OpenSC upstream, which is
setting disconnect_action=leave by default (previously, it was "reset",
which was also breaking long-running sessions such as ssh-agent).
You can try if this will help you to resolve your problems. If not,
please, provide also the debug logs from OpenSC as shown above.
[1] https://github.com/OpenSC/OpenSC/pull/1256
[2] https://github.com/OpenSC/OpenSC/pull/1242
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list