[Bug 3006] New: ssh and ssh-keygen always ask for PIN

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri May 10 19:18:35 AEST 2019


https://bugzilla.mindrot.org/show_bug.cgi?id=3006

            Bug ID: 3006
           Summary: ssh and ssh-keygen always ask for PIN
           Product: Portable OpenSSH
           Version: 8.0p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Prior OpenSSH 8.0, the ssh and ssh-keygen were able to retrieve public
keys from PKCS#11 modules without asking for a PIN. The PIN prompt was
delayed to the reading of private key and to the private key operation,
once the public key check succeeded.

The OpenSSH 8.0 asks for the PIN as soon as it loads the pkcs11 module,
which is annoying. It is caused by the commits 7a7fdca and 41923ce
attempting to handle unreadable public keys without login, which should
be handled rather as described in the bug #2430.

I propose to revert these two patches and merge a patch from #2430.

For more information, see the mail thread:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-April/037759.html

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list