[Bug 2652] PKCS11 login skipped if login required and no pin set
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Tue Feb 27 01:19:43 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2652
--- Comment #18 from Daniel Kucera <openssh at danman.eu> ---
(In reply to Jakub Jelen from comment #17)
> Sorry, I forgot about the pinpad. For the reader virtual keypad, you
> need to use the patch that I attached to the comment #6 (applied to
> ssh-agent and ssh-pkcs11-provider, which complicates installation).
>
> It should be still prompting for the pin, but if you just press
> enter, you should get past that and should allow to read the keys,
> if I see right.
>
> Unfortunately, the ssh-add does not know if there is pinpad at that
> moment so it can not skip this prompt, but needs to send empty
> string in this case.
After applying patch:
it doesn't work with empty string pin:
$ ./ssh-add -s /usr/lib/eidklient/libpkcs11_sig_x64.so
Enter passphrase for PKCS#11:
Could not add card "/usr/lib/eidklient/libpkcs11_sig_x64.so": agent
refused operation
but it does with correct card pin:
$ ./ssh-add -s /usr/lib/eidklient/libpkcs11_sig_x64.so
Enter passphrase for PKCS#11:
Card added: /usr/lib/eidklient/libpkcs11_sig_x64.so
$ ./ssh-add -L
ssh-rsa AAAAB3... /usr/lib/eidklient/libpkcs11_sig_x64.so
ssh-rsa AAAAB3... /usr/lib/eidklient/libpkcs11_sig_x64.so
ssh-rsa AAAAB3... /usr/lib/eidklient/libpkcs11_sig_x64.so
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
More information about the openssh-bugs
mailing list