[Bug 3006] New: ssh and ssh-keygen always ask for PIN
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri May 10 19:18:35 AEST 2019
https://bugzilla.mindrot.org/show_bug.cgi?id=3006
Bug ID: 3006
Summary: ssh and ssh-keygen always ask for PIN
Product: Portable OpenSSH
Version: 8.0p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Prior OpenSSH 8.0, the ssh and ssh-keygen were able to retrieve public
keys from PKCS#11 modules without asking for a PIN. The PIN prompt was
delayed to the reading of private key and to the private key operation,
once the public key check succeeded.
The OpenSSH 8.0 asks for the PIN as soon as it loads the pkcs11 module,
which is annoying. It is caused by the commits 7a7fdca and 41923ce
attempting to handle unreadable public keys without login, which should
be handled rather as described in the bug #2430.
I propose to revert these two patches and merge a patch from #2430.
For more information, see the mail thread:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-April/037759.html
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list