[PATCH] Readable return codes for pkcs11 identities
jjelen at redhat.com
Fri Mar 6 02:32:34 AEDT 2020
On Wed, 2020-02-26 at 18:20 -0800, Jacob Hoffman-Andrews wrote:
> Right now, if I typo my PIN for a PKCS#11 token, I get the
> inscrutable message:
> $ ssh -I /path/to/module user at example.com
> Enter PIN for 'SSH key':
> C_Login failed: 160
> I'd prefer to receive a more useful message:
> Login to PKCS#11 token failed: Incorrect PIN
> I've attached a patch that adds specific handling for three common
> error cases: Incorrect PIN, PIN too long or too short, and PIN
> I've also tweaked the fallback error case to indicate that it is a
> PKCS#11-specific error. Hope this is useful!
Please, open a new bug with the patch so it will not get lost in the
mailing list. This is certainly something useful to have.
Senior Software Engineer
Red Hat, Inc.
More information about the openssh-unix-dev