[PATCH] Readable return codes for pkcs11 identities
Jakub Jelen
jjelen at redhat.com
Fri Mar 6 02:32:34 AEDT 2020
On Wed, 2020-02-26 at 18:20 -0800, Jacob Hoffman-Andrews wrote:
> Right now, if I typo my PIN for a PKCS#11 token, I get the
> inscrutable message:
>
> $ ssh -I /path/to/module user at example.com
> Enter PIN for 'SSH key':
> C_Login failed: 160
>
> I'd prefer to receive a more useful message:
>
> Login to PKCS#11 token failed: Incorrect PIN
>
> I've attached a patch that adds specific handling for three common
> error cases: Incorrect PIN, PIN too long or too short, and PIN
> locked.
> I've also tweaked the fallback error case to indicate that it is a
> PKCS#11-specific error. Hope this is useful!
Please, open a new bug with the patch so it will not get lost in the
mailing list. This is certainly something useful to have.
Regards,
--
Jakub Jelen
Senior Software Engineer
Security Technologies
Red Hat, Inc.
More information about the openssh-unix-dev
mailing list