[Bug 2635] Unable to use SSH Agent and user level PKCS11Provider configuration directive

Fri Feb 23 01:24:10 AEDT 2018

https://bugzilla.mindrot.org/show_bug.cgi?id=2635

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #8 from Jakub Jelen <jjelen at redhat.com> ---
Created attachment 3126
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3126&action=edit
Tail of openSC debug log

I believe this is not a problem of OpenSSH, but of the PKCS#11 module,
which is not correctly handling the concurrent access from two separate
processes (ssh and ssh-pkcs11-helper of ssh-agent).

I can reproduce the same issue with latest OpenSC and OpenSSH. Running
the current OpenSC in debug mode, shows similar errors as in the
attachment, while running the ssh-agent in debug mode and adding the
latest OpenSC pkcs11 module:

    OPENSC_DEBUG=9 ssh-agent -d

I just tested the same case with the patch proposed in OpenSC upstream
PR [1] and it seems to resolving the problem.

This is also related to the recent change in OpenSC upstream, which is
setting disconnect_action=leave by default (previously, it was "reset",
which was also breaking long-running sessions such as ssh-agent).

You can try if this will help you to resolve your problems. If not,
please, provide also the debug logs from OpenSC as shown above.

[1] https://github.com/OpenSC/OpenSC/pull/1256
[2] https://github.com/OpenSC/OpenSC/pull/1242

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.