https://bugzilla.mindrot.org/show_bug.cgi?id=2620
Bug ID: 2620
Summary: Option AddKeysToAgent doesn't work with keys provided by PKCS11 libraries.
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-b...@mindrot.org
Reporter: reddot.ro...@gmail.com

I would like to set up my ssh connection encryption using a smart card with a PKCS#11 interface provided by a shared library. In a trivial scenario I'm able to add this key to the agent using ssh-add:

reddot@docorp:~$ ssh-add -s /usr/lib/libeTPkcs11.so
Enter passphrase for PKCS#11:
Card added: /usr/lib/libeTPkcs11.so

Now I would like to automate this process so that I am asked for the card PIN only once, on first key access, thus I would like to use the AddKeysToAgent option available in the config. However, it seems this option doesn't work with PKCS#11 keys. Could it be fixed?

There's one more annoying issue: if a PKCS#11 key has already been loaded into the agent, it isn't considered when ssh is used with the PKCS11Provider option set, and I have to enter the card PIN again:

reddot@docorp:~$ ssh-add -l
2048 SHA256:........................................... /usr/lib/libeTPkcs11.so (RSA)
2048 SHA256:........................................... /usr/lib/libeTPkcs11.so (RSA)
reddot@docorp:~$ ssh valov.avp.ru
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-38-generic x86_64)
...
reddot@docorp:~$ ssh valov.avp.ru -I/usr/lib/libeTPkcs11.so
Enter PIN for 'Roman Valov':
...

I have to enter my card PIN again even though its key is available via the agent.
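
A wrapper for the load-once behaviour the report asks for, as an added example that is not part of the bug report or of OpenSSH: it loads the PKCS#11 provider into the agent only when `ssh-add -l` does not already list it, then runs ssh without `-I` so the agent-held key is used. The function names are hypothetical; the provider path in the usage comment is the one from the report.

```shell
#!/bin/sh
# Added example (not from the bug report). Function names are hypothetical.

# Return 0 if the `ssh-add -l` listing on stdin contains a key whose comment
# is exactly the given provider path.
# Listing line format: <bits> <fingerprint> <comment> (<TYPE>)
listing_has_provider() {
    awk -v p="$1" '
        {
            line = $0
            sub(/^[0-9]+ +[^ ]+ +/, "", line)   # drop bits and fingerprint
            sub(/ +\([^()]*\)$/, "", line)      # drop trailing "(TYPE)"
            if (line == p) found = 1
        }
        END { exit !found }'
}

# Load the provider into the running agent unless its keys are already there.
# ssh-add prompts for the card PIN only when the provider has to be loaded.
ensure_token_keys() {
    if ssh-add -l 2>/dev/null | listing_has_provider "$1"; then
        return 0
    fi
    ssh-add -s "$1"
}

# Usage: ssh_with_token /usr/lib/libeTPkcs11.so valov.avp.ru
# ssh is started without -I, so authentication goes through the agent and
# no second PIN prompt is triggered.
ssh_with_token() {
    token_provider=$1
    shift
    ensure_token_keys "$token_provider" && ssh "$@"
}
```

Removing the card from the agent again is done with `ssh-add -e` followed by the same provider path.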