Arch Linux

Please read this before reporting a bug:
https://wiki.archlinux.org/index.php/Reporting_Bug_Guidelines

Do NOT report bugs when a package is just outdated, or it is in Unsupported. Use the 'flag out of date' link on the package page, or the Mailing List.

REPEAT: Do NOT report bugs for outdated packages!
Tasklist

FS#62508 - OpenSSH and PKCS#11 asking for two PINs when using smartcard login

Attached to Project: Arch Linux
Opened by Nicolas Glassey (Weby) - Tuesday, 30 April 2019, 05:54 GMT
Task Type Bug Report
Category Packages: Core
Status Unconfirmed
Assigned To No-one
Architecture x86_64
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 0%
Votes 1
Private No

Details

Description:
Starting with v. 8.0p1.1, I experience weird SmartCard login issues.
All hosts are asking for the smartcard Pin, even those who don't have the smartcard public key installed.

Furthermore, the login prompts for TWO separate pins (User PIN and User PIN (sig)), where it only asked for one before.

The login still works if I input the first PIN correctly. The second pin doesn't seem to have any effect : whether I enter it correctly or not, it really only depends on the first PIN being correct.
On a host that doesn't have the smartcard public key installed, entering a wrong pin doesn't have any other effect than giving me an error message on login, while still allowing me through.

Example screenshots attached.

Additional info:
First version where I noticed it : 8.0p1.1
Last verified working version : 7.9p1-1

Config :
Host *
PKCS11Provider /usr/lib/opensc-pkcs11.so
ServerAliveInterval 240
TCPKeepAlive yes

Steps to reproduce:
- Set up PKCS11Provider with /usr/lib/opensc-pkcs11.so
- Try to log in to any host, with any login, whether they have the corresponding smartcard public key installed or not

   ssh1.png (143.8 KiB)
   ssh2.png (102 KiB)
This task depends upon

Loading...