FS#62508 - [openssh] OpenSSH and PKCS#11 asking for two PINs when using smartcard login
Attached to Project:
Arch Linux
Opened by Nicolas Glassey (Weby) - Tuesday, 30 April 2019, 05:54 GMT
Last edited by Gaetan Bisson (vesath) - Friday, 17 January 2020, 21:21 GMT
Opened by Nicolas Glassey (Weby) - Tuesday, 30 April 2019, 05:54 GMT
Last edited by Gaetan Bisson (vesath) - Friday, 17 January 2020, 21:21 GMT
|
Details
Description:
Starting with v. 8.0p1.1, I experience weird SmartCard login issues. All hosts are asking for the smartcard Pin, even those who don't have the smartcard public key installed. Furthermore, the login prompts for TWO separate pins (User PIN and User PIN (sig)), where it only asked for one before. The login still works if I input the first PIN correctly. The second pin doesn't seem to have any effect : whether I enter it correctly or not, it really only depends on the first PIN being correct. On a host that doesn't have the smartcard public key installed, entering a wrong pin doesn't have any other effect than giving me an error message on login, while still allowing me through. Example screenshots attached. Additional info: First version where I noticed it : 8.0p1.1 Last verified working version : 7.9p1-1 Config : Host * PKCS11Provider /usr/lib/opensc-pkcs11.so ServerAliveInterval 240 TCPKeepAlive yes Steps to reproduce: - Set up PKCS11Provider with /usr/lib/opensc-pkcs11.so - Try to log in to any host, with any login, whether they have the corresponding smartcard public key installed or not |
This task depends upon
Closed by Gaetan Bisson (vesath)
Friday, 17 January 2020, 21:21 GMT
Reason for closing: Fixed
Additional comments about closing: openssh-8.1p1-1 in [core] last October
Friday, 17 January 2020, 21:21 GMT
Reason for closing: Fixed
Additional comments about closing: openssh-8.1p1-1 in [core] last October
https://bugzilla.mindrot.org/show_bug.cgi?id=3006
Mailing list :
https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-April/037759.html
https://marc.info/?l=openssh-unix-dev&m=155629305332451&w=2