[Bug 2890] ssh-agent should not fail after removing and inserting smart card

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Wed Mar 18 14:12:01 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=2890

Jacob Hoffman-Andrews <mindrot at hoffman-andrews.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mindrot at hoffman-andrews.com

--- Comment #5 from Jacob Hoffman-Andrews <mindrot at hoffman-andrews.com> ---
Created attachment 3369
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3369&action=edit
updated patch, March 2020

I've applied the patch locally and brought it up to date so it builds
with the latest master.

I'm interested in fixing the workflow for a token + builtin reader
(e.g. a Yubikey in PIV mode), as discussed at
https://lists.mindrot.org/pipermail/openssh-unix-dev/2020-February/038317.html.
I can confirm that this patch doesn't solve my use case. When I remove
and then reinsert my Yubikey, and run `ssh example.com`, I get:

ssh-agent: fd 4 setting O_NONBLOCK
ssh-agent: process_message: socket 1 (fd=4) type 11
ssh-agent: process_message: socket 1 (fd=4) type 13
ssh-pkcs11-helper: process_sign
ssh-pkcs11-helper: check 0x559707702c70 /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so PIV AUTH pubkey
ssh-pkcs11-helper: RSA_get_app_data failed for rsa 0x559707776630
ssh-pkcs11-helper: pkcs11_check_obj_bool_attrib: provider 0x55970771b5f0 slot 0 object 94107153503168: attrib 514 = 0
ssh-pkcs11-helper: C_Sign failed: 5
ssh-pkcs11-helper: pkcs11_k11_free: parent 0x5597077700c0 ptr (nil) idx 1
ssh-agent: process_sign_request2: sshkey_sign: error in libcrypto
sign_and_send_pubkey: signing failed: agent refused operation


I would be curious to hear if the updated patch works for the separate
token + reader use case.
