|
Package: openssh-client Version: 10.1p1-1 Severity: serious When attempting to read a smart card via PKCS11Provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so the following error is seen in the trace: debug1: pkcs11_start_helper: starting /usr/lib/openssh/ssh-pkcs11-helper -vvv debug3: pkcs11_init: called, interactive = 0 debug1: process_add debug3: process_add: add /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so debug1: provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so: manufacturerID <OpenSC Project> cryptokiVersion 2.20 libraryDescription <OpenSC smartcard framework> libraryVersion 0.26 debug1: provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0: label <PIV_II> manufacturerID <piv_II> model <PKCS#15 emulated> serial <3412b080a610d7e8> flags 0x40d pin required debug1: pkcs11_provider_finalize: provider "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" refcount 1 valid 1 debug1: pkcs11_provider_unref: provider "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so" refcount 1 debug1: pkcs11_add_provider: provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so returned no keys debug1: pkcs11_add_provider: no keys; terminate helper Note the line "pin required"; however at no time does a prompt for a PIN occur. Back-revving to 10.0p1-8 fixes this, it prompts for a PIN, and the trace shows: debug1: provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so: manufacturerID <OpenSC Project> cryptokiVersion 2.20 libraryDescription <OpenSC smartcard framework> libraryVersion 0.26 debug1: provider /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so slot 0: label <PIV_II> manufacturerID <piv_II> model <PKCS#15 emulated> serial <3412b080a610d7e8> flags 0x40d debug1: have 1 keys |