https://bugzilla.mindrot.org/show_bug.cgi?id=2890
Jacob Hoffman-Andrews <[email protected]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |[email protected]

--- Comment #5 from Jacob Hoffman-Andrews <[email protected]> ---
Created attachment 3369
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3369&action=edit
updated patch, March 2020

I've applied the patch locally and brought it up to date so it builds with the latest master. I'm interested in fixing the workflow for a token + builtin reader (e.g. a Yubikey in PIV mode), as discussed at https://lists.mindrot.org/pipermail/openssh-unix-dev/2020-February/038317.html.

I can confirm that this patch doesn't solve my use case. When I remove and then reinsert my Yubikey, and run `ssh example.com`, I get:

    ssh-agent: fd 4 setting O_NONBLOCK
    ssh-agent: process_message: socket 1 (fd=4) type 11
    ssh-agent: process_message: socket 1 (fd=4) type 13
    ssh-pkcs11-helper: process_sign
    ssh-pkcs11-helper: check 0x559707702c70 /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so PIV AUTH pubkey
    ssh-pkcs11-helper: RSA_get_app_data failed for rsa 0x559707776630
    ssh-pkcs11-helper: pkcs11_check_obj_bool_attrib: provider 0x55970771b5f0 slot 0 object 94107153503168: attrib 514 = 0
    ssh-pkcs11-helper: C_Sign failed: 5
    ssh-pkcs11-helper: pkcs11_k11_free: parent 0x5597077700c0 ptr (nil) idx 1
    ssh-agent: process_sign_request2: sshkey_sign: error in libcrypto
    sign_and_send_pubkey: signing failed: agent refused operation

I would be curious to hear if the updated patch works for the separate token + reader use case.
