Bugzilla – Bug 2991
make openssh ask for pin only when needed
Last modified: 2012-11-28 12:10:06
Currently Red Hat's smart card patch for OpenSSH makes it ask for a PIN when
enumerating the crypto tokens. This means that the user will enter the PIN even
though the client might fail to connect to the server, or that the server won't
accept the public key.
We should modify the code to only ask for the PIN once it actually needs it.
This got fixed when we moved the smart card handling into tlclient.
Tested using client build 3680, running tlclient with -d5 for a lot of debug, I
can verify that when "NEXT AUTHMETHOD: publickey" the pin dialog is shown,
which somewhat confirms that ssh connection is up and pubkey auth stage has
been reached before pin dialog is shown.
Also tests were performed without the key on serverside, which brought up
the dialog that the user was not authorized to connect to the server.
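
The ordering this bug asks for, as an added Python model that is not part of the original report and is not tlclient or OpenSSH code: public keys are enumerated without a login, each key is first offered to the server without a signature (the query step of SSH publickey authentication), and the PIN is requested only once a key has been accepted. `Token`, `Server`, `authenticate` and all sample values are hypothetical names constructed for the illustration.

```python
# Added illustrative model; Token, Server and authenticate are hypothetical names.
class Token:
    """Constructed stand-in for a smart card: public keys are readable without a PIN."""
    def __init__(self, pin, keys):
        self._pin, self._keys, self._logged_in = pin, keys, False

    def list_public_keys(self):
        return list(self._keys)               # enumeration needs no login

    def login(self, pin):
        self._logged_in = (pin == self._pin)
        return self._logged_in

    def sign(self, key, data):
        if not self._logged_in:
            raise PermissionError("private key operation requires login")
        return f"sig({key},{data})"


class Server:
    """Constructed stand-in for the server side of publickey authentication."""
    def __init__(self, authorized, reachable=True):
        self.authorized, self.reachable = set(authorized), reachable

    def accepts(self, key):                   # query step: key offered, no signature yet
        return key in self.authorized

    def verify(self, key, sig, data):
        return key in self.authorized and sig == f"sig({key},{data})"


def authenticate(token, server, ask_pin, session_id="constructed-session"):
    """Return (result, pin_prompts); ask_pin runs only after a key is accepted."""
    prompts = 0
    if not server.reachable:
        return "connect-failed", prompts      # no PIN asked for a failed connection
    for key in token.list_public_keys():
        if not server.accepts(key):
            continue                          # server will not take this key
        prompts += 1                          # first point where the PIN is needed
        if not token.login(ask_pin()):
            return "bad-pin", prompts
        sig = token.sign(key, session_id)
        return ("authenticated" if server.verify(key, sig, session_id)
                else "rejected"), prompts
    return "not-authorized", prompts
```
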