https://bugzilla.mindrot.org/show_bug.cgi?id=3432
Bug ID: 3432 Summary: ssh-add: Skip PKCS11 pin prompt with TEE identity Product: Portable OpenSSH Version: v9.0p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh-add Assignee: unassigned-b...@mindrot.org Reporter: profmak...@gmail.com TEE Identity-based authentication provides functionality to log in without a pin but using a User or Group identity. The feature is valuable for embedded devices where there is no user interaction. With the TEE Identity authentication, the pin should be empty. The use case is: CKTEEC_LOGIN_TYPE=user ssh-add -s /usr/lib/libckteec.so.0 For TEE Identity-based auth pin should be provided as an empty string. But in the current implementation, if a pin is empty the message structure will not be populated with the pin(see sshbuf_put_string). As a result, the error: "pin required". As a solution add a new line character. The details about the TEE Identity-based authentication: OP-TEE/optee_os#4222 The implementation is in the following pull request: https://github.com/openssh/openssh-portable/pull/318 -- You are receiving this mail because: You are watching the assignee of the bug. _______________________________________________ openssh-bugs mailing list openssh-bugs@mindrot.org https://lists.mindrot.org/mailman/listinfo/openssh-bugs