Bug#911758: ssh-add doesn't recognize PKCS#11 URL

To: submit@bugs.debian.org
Subject: Bug#911758: ssh-add doesn't recognize PKCS#11 URL
From: Karen Arutyunov <karen@codesynthesis.com>
Date: Wed, 24 Oct 2018 15:29:32 +0300
Message-id: <[🔎] 37d4a6f3-48ef-c750-0d7d-e82843a13cb6@codesynthesis.com>
Reply-to: Karen Arutyunov <karen@codesynthesis.com>, 911758@bugs.debian.org

Package: openssh-client
Version: 1:7.8p1-1
Severity: important

When I specify PKCS#11 URL as a key file for ssh-add, it fails:

$ ssh-agent -s >~/ssh-agent.env
$ source ~/ssh-agent.env
Agent pid 579
$ ssh-add "pkcs11:token=auth;object=PIV%20AUTH%20pubkey"
pkcs11:token=auth;object=PIV%20AUTH%20pubkey: No such file or directory

I would expect it to work as on Fedora:

$ ssh-agent -s >~/ssh-agent.env
$ source ~/ssh-agent.env
Agent pid 31676
$ ssh-add "pkcs11:token=auth;object=PIV%20AUTH%20pubkey"
Enter passphrase for PKCS#11: ******
Card added: pkcs11:token=auth;object=PIV%20AUTH%20pubkey

On Debian it behaves as if the source package is compiled withENABLE_PKCS11 macro undefined, and so the PKCS#11-related code in thedo_file() function is out (see ssh-add.c file for details).


Also note that running the following command instead works correctly:

$ ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

I am using Debian GNU/Linux buster/sid, kernel 4.18.0-2-amd64 and libc62.27.

Reply to:

Follow-Ups:
- Bug#911758: ssh-add doesn't recognize PKCS#11 URL
  - From: Colin Watson <cjwatson@debian.org>
- Processed (with 1 error): Re: Bug#911758: ssh-add doesn't recognize PKCS#11 URL
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: openssh_7.9p1-1_source.changes ACCEPTED into unstable
Next by Date: Bug#911758: ssh-add doesn't recognize PKCS#11 URL
Previous by thread: openssh_7.9p1-1_source.changes ACCEPTED into unstable
Next by thread: Bug#911758: ssh-add doesn't recognize PKCS#11 URL
Index(es):
- Date
- Thread