[Bug 3444] New: Improve PKCS#11 support

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Mon Jun 6 19:21:34 AEST 2022


https://bugzilla.mindrot.org/show_bug.cgi?id=3444

            Bug ID: 3444
           Summary: Improve PKCS#11 support
           Product: Portable OpenSSH
           Version: 8.7p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: ssh-agent
          Assignee: unassigned-bugs at mindrot.org
          Reporter: dbelyavs at redhat.com

When you physically remove and re-insert your smartcard, you must
re-initialize your ssh-agent with:

ssh-add -e /usr/lib64/opensc-pkcs11.so
ssh-add -s /usr/lib64/opensc-pkcs11.so

It would be nice to be able to just ask it to prompt for your PIN again
to reload access to the keys.

Or better yet, when trying to connect, instead of:

# ssh host
sign_and_send_pubkey: signing failed: agent refused operation

it could prompt for the PIN.

See more details in https://bugzilla.redhat.com/show_bug.cgi?id=1609055

See a proposed patch in
https://bugzilla.mindrot.org/show_bug.cgi?id=2890

-- 
You are receiving this mail because:
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list