www.cendio.com
Bug 2991 - make openssh ask for pin only when needed
: make openssh ask for pin only when needed
Status: CLOSED FIXED
: ThinLinc
Client
: pre-1.0
: PC Linux
: P2 Enhancement
: 4.0.0
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2009-01-20 11:30 by
Modified: 2012-11-28 12:10 (History)


Attachments


Note

You need to log in before you can comment on or make changes to this bug.


Description From cendio 2009-01-20 11:30:02
Currently Red Hat's smart card patch for OpenSSH makes it ask for a PIN when
enumerating the crypto tokens. This means that the user will enter the PIN even
though the client might fail to connect to the server, or that the server won't
accept the public key.

We should modify the code to only ask for the PIN once it actually needs it.
------- Comment #1 From cendio 2012-10-01 11:00:46 -------
This got fixed when we moved the smart card handling into tlclient.
------- Comment #2 From cendio 2012-10-15 11:37:51 -------
Tested using client build 3680, running tlclient with -d5 for alot of debug, i
can verify that when "NEXT AUTHMETHOD: publickey" the pin dialog is showed,
which somewhat confirms that ssh connection is up and pubkey auth stage has
been reached berfore pin dialog is shown.
------- Comment #3 From cendio 2012-10-15 12:22:06 -------
Also tests was performed without the key on serverside, which brung
the dialog that the user was not authorized to connected to the server.