[PATCH] Readable return codes for pkcs11 identities

Jacob Hoffman-Andrews jsha at letsencrypt.org
Fri Mar 6 04:46:39 AEDT 2020


Done, thanks. https://bugzilla.mindrot.org/show_bug.cgi?id=3130

On Thu, Mar 5, 2020 at 7:32 AM Jakub Jelen <jjelen at redhat.com> wrote:
>
> On Wed, 2020-02-26 at 18:20 -0800, Jacob Hoffman-Andrews wrote:
> > Right now, if I typo my PIN for a PKCS#11 token, I get the
> > inscrutable message:
> >
> > $ ssh -I /path/to/module user@example.com
> > Enter PIN for 'SSH key':
> > C_Login failed: 160
> >
> > I'd prefer to receive a more useful message:
> >
> > Login to PKCS#11 token failed: Incorrect PIN
> >
> > I've attached a patch that adds specific handling for three common
> > error cases: Incorrect PIN, PIN too long or too short, and PIN
> > locked.
> > I've also tweaked the fallback error case to indicate that it is a
> > PKCS#11-specific error. Hope this is useful!
>
> Please, open a new bug with the patch so it will not get lost in the
> mailing list. This is certainly something useful to have.
>
> Regards,
> --
> Jakub Jelen
> Senior Software Engineer
> Security Technologies
> Red Hat, Inc.
>


More information about the openssh-unix-dev mailing list