[Bug 3130] New: [PATCH] Readable return codes for pkcs11 identities
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Fri Mar 6 04:46:20 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3130
Bug ID: 3130
Summary: [PATCH] Readable return codes for pkcs11 identities
Product: Portable OpenSSH
Version: 8.2p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: mindrot at hoffman-andrews.com
Created attachment 3360
--> https://bugzilla.mindrot.org/attachment.cgi?id=3360&action=edit
Patch to provide readable return codes for pkcs11 identities
Right now, if I typo my PIN for a PKCS#11 token, I get the inscrutable
message:
$ ssh -I /path/to/module user at example.com
Enter PIN for 'SSH key':
C_Login failed: 160
I'd prefer to receive a more useful message:
Login to PKCS#11 token failed: Incorrect PIN
I've attached a patch that adds specific handling for three common
error cases: Incorrect PIN, PIN too long or too short, and PIN locked.
I've also tweaked the fallback error case to indicate that it is a
PKCS#11-specific error. Hope this is useful!
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list