[PATCH] Readable return codes for pkcs11 identities
Jacob Hoffman-Andrews
jsha at letsencrypt.org
Thu Feb 27 13:20:15 AEDT 2020
Right now, if I typo my PIN for a PKCS#11 token, I get the inscrutable message:
$ ssh -I /path/to/module user at example.com
Enter PIN for 'SSH key':
C_Login failed: 160
I'd prefer to receive a more useful message:
Login to PKCS#11 token failed: Incorrect PIN
I've attached a patch that adds specific handling for three common
error cases: Incorrect PIN, PIN too long or too short, and PIN locked.
I've also tweaked the fallback error case to indicate that it is a
PKCS#11-specific error. Hope this is useful!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Provide-more-user-friendly-output-on-C_Login-errors.patch
Type: text/x-patch
Size: 1304 bytes
Desc: not available
URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20200226/379da696/attachment.bin>
More information about the openssh-unix-dev
mailing list