Package: openssh-client
Version: 1:7.8p1-1
Severity: important

When I specify a PKCS#11 URL as a key file for ssh-add, it fails:

$ ssh-agent -s >~/ssh-agent.env
$ source ~/ssh-agent.env
Agent pid 579
$ ssh-add "pkcs11:token=auth;object=PIV%20AUTH%20pubkey"
pkcs11:token=auth;object=PIV%20AUTH%20pubkey: No such file or directory

I would expect it to work as on Fedora:

$ ssh-agent -s >~/ssh-agent.env
$ source ~/ssh-agent.env
Agent pid 31676
$ ssh-add "pkcs11:token=auth;object=PIV%20AUTH%20pubkey"
Enter passphrase for PKCS#11: ******
Card added: pkcs11:token=auth;object=PIV%20AUTH%20pubkey

On Debian it behaves as if the source package is compiled with the ENABLE_PKCS11 macro undefined, and so the PKCS#11-related code in the do_file() function is left out (see the ssh-add.c file for details).

Also note that running the following command instead works correctly:

$ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

I am using Debian GNU/Linux buster/sid, kernel 4.18.0-2-amd64 and libc6 2.27.
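
Added example, not part of the original report and not OpenSSH or Debian code: a wrapper that tries the pkcs11: URI first and, when ssh-add answers with the "No such file or directory" error shown above, falls back to the `ssh-add -s` form that works. SSH_ADD, PKCS11_PROVIDER, LOAD_METHOD and the function names are assumptions made for this example; the default provider path is the one from the report.

```shell
#!/bin/sh
# Added example: load a PKCS#11-backed key into ssh-agent whether or not
# this ssh-add build accepts pkcs11: URIs.
# SSH_ADD and PKCS11_PROVIDER are hypothetical override variables.
SSH_ADD="${SSH_ADD:-ssh-add}"
PKCS11_PROVIDER="${PKCS11_PROVIDER:-/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so}"
LOAD_METHOD=""   # set by add_key: file, uri or provider

is_pkcs11_uri() {
    case "$1" in
        pkcs11:*) return 0 ;;
        *)        return 1 ;;
    esac
}

add_key() {
    key="$1"
    LOAD_METHOD=""
    if ! is_pkcs11_uri "$key"; then
        # Ordinary key file: pass it straight through.
        "$SSH_ADD" "$key" || return 1
        LOAD_METHOD="file"
        return 0
    fi
    # Try the URI first; a build that understands it loads the key here.
    if out=$("$SSH_ADD" "$key" 2>&1); then
        printf '%s\n' "$out"
        LOAD_METHOD="uri"
        return 0
    fi
    case "$out" in
        "$key: No such file or directory"*)
            # The URI was treated as a file name, as in the report.
            # -s adds every key the provider exposes, not only the
            # object named in the URI.
            echo "no pkcs11: URI support, using -s $PKCS11_PROVIDER" >&2
            "$SSH_ADD" -s "$PKCS11_PROVIDER" || return 1
            LOAD_METHOD="provider"
            ;;
        *)
            # Any other failure (no agent, no token, wrong PIN) is
            # reported unchanged and not retried.
            printf '%s\n' "$out" >&2
            return 1
            ;;
    esac
}
```

After sourcing the file, `add_key "pkcs11:token=auth;object=PIV%20AUTH%20pubkey"` leaves the path taken in LOAD_METHOD, so a login script can log when the provider fallback was used.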
