[Bug 2890] ssh-agent should not fail after removing and inserting smart card
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Sat Oct 27 06:57:17 AEDT 2018
https://bugzilla.mindrot.org/show_bug.cgi?id=2890
--- Comment #3 from Orion Poplawski <orion at cora.nwra.com> ---
I'm a bit confused. First off, what version of openssh is this patch
for? I had to tweak it a bit to apply to openssh-7.4p1-16.el7 and
similar for openssh-7.9p1.
Also, with openssh-7.4p1-16.el7 it doesn't appear to do anything for my
use case, I still get:
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /usr/lib64/opensc-pkcs11.so
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 60
debug1: Server accepts key: pkalg rsa-sha2-512 blen 279
debug2: input_userauth_pk_ok: fp
SHA256:jBuSAbMlPTbA80YeT6JgUPJcm/c7LIDKV3Sn02UEbrg
debug3: sign_and_send_pubkey: RSA
SHA256:jBuSAbMlPTbA80YeT6JgUPJcm/c7LIDKV3Sn02UEbrg
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering RSA public key: /usr/lib64/opensc-pkcs11.so
debug3: send_pubkey_test
debug3: send packet: type 50
debug2: we sent a publickey packet, wait for reply
debug3: receive packet: type 51
Tracing through ssh-pkcs11-helper it seems that pkcs11_key_is_present()
returns 0, so it does not refresh the key. But RSA_private_encrypt()
fails. I'm guessing that I've already invoked C_Sign.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list