[Bug 3058] New: ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Aug 23 19:20:04 AEST 2019 

https://bugzilla.mindrot.org/show_bug.cgi?id=3058

            Bug ID: 3058
           Summary: ssh should not complain about "no slots" when
                    PKCS11Provider is specified, but no slot is found nor
                    used
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Keywords: pkcs11
          Severity: enhancement
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com
                CC: djm at mindrot.org, jcpunk at gmail.com,
                    unassigned-bugs at mindrot.org
        Depends on: 2610

This got back with OpenSSH 8.0 and variant of this message is again
printed as an error, which is irritating.

+++ This bug was initially created as a clone of Bug #2610 +++

Specifying a PKCS11Provider in the configuration and using the ssh
without a card inserted results in the error

    no slots

during the pkcs11 initialization. This error is in no way fatal and
usually does not require user attention. We might argue that that the
user should configure this option only when it is absolutely needed
using proper match blocks, but even though the verbosity is too high
and without any context does not make much sense.

Also other messages informing about "provider already registered" and
about "no keys" are not too important to show as error() form my point
of view. Also in most of these logging functions, there is missing
context and the user does not have the slightest idea where does these
messages come from and what do they mean. Prefixing them with the
function name also seems like reasonable idea.


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2610
[Bug 2610] ssh should not complain about "no slots" when PKCS11Provider
is specified, but no slot is found nor used
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list