[PATCH] Readable return codes for pkcs11 identities

Jakub Jelen jjelen at redhat.com
Fri Mar 6 02:32:34 AEDT 2020

On Wed, 2020-02-26 at 18:20 -0800, Jacob Hoffman-Andrews wrote:
> Right now, if I typo my PIN for a PKCS#11 token, I get the
> inscrutable message:
> $ ssh -I /path/to/module user at example.com
> Enter PIN for 'SSH key':
> C_Login failed: 160
> I'd prefer to receive a more useful message:
> Login to PKCS#11 token failed: Incorrect PIN
> I've attached a patch that adds specific handling for three common
> error cases: Incorrect PIN, PIN too long or too short, and PIN
> locked.
> I've also tweaked the fallback error case to indicate that it is a
> PKCS#11-specific error. Hope this is useful!

Please, open a new bug with the patch so it will not get lost in the
mailing list. This is certainly something useful to have.

Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.

More information about the openssh-unix-dev mailing list