https://bugzilla.mindrot.org/show_bug.cgi?id=2890
--- Comment #3 from Orion Poplawski <[email protected]> --- I'm a bit confused. First off, what version of openssh is this patch for? I had to tweak it a bit to apply to openssh-7.4p1-16.el7 and similar for openssh-7.9p1. Also, with openssh-7.4p1-16.el7 it doesn't appear to do anything for my use case, I still get: debug1: Next authentication method: publickey debug1: Offering RSA public key: /usr/lib64/opensc-pkcs11.so debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 60 debug1: Server accepts key: pkalg rsa-sha2-512 blen 279 debug2: input_userauth_pk_ok: fp SHA256:jBuSAbMlPTbA80YeT6JgUPJcm/c7LIDKV3Sn02UEbrg debug3: sign_and_send_pubkey: RSA SHA256:jBuSAbMlPTbA80YeT6JgUPJcm/c7LIDKV3Sn02UEbrg sign_and_send_pubkey: signing failed: agent refused operation debug1: Offering RSA public key: /usr/lib64/opensc-pkcs11.so debug3: send_pubkey_test debug3: send packet: type 50 debug2: we sent a publickey packet, wait for reply debug3: receive packet: type 51 Tracing through ssh-pkcs11-helper it seems that pkcs11_key_is_present() returns 0, so it does not refresh the key. But RSA_private_encrypt() fails. I'm guessing that I've already invoked C_Sign. -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list [email protected] https://lists.mindrot.org/mailman/listinfo/openssh-bugs
