search for: pkcs11_del_provider

Displaying 3 results from an estimated 3 matches for "pkcs11_del_provider".

2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
...ils with "agent refused operation". I've looked at the code, and it appears that register_pkcs11_provider (https://github.com/openssh/openssh-portable/blob/master/ssh-pkcs11.c#L1470) fails if a PKCS#11 provider already exists. However, PKCS#11 providers are never unloaded. There is a pkcs11_del_provider but it is never called. That means that after deleting a key, there is no way to re-add it. Also, since removing a USB smartcard reader results in ssh-agent losing its session, the user must call ssh-add again after reinserting the USB card reader, and that second ssh-add will fail in the same way...
2017 Feb 21
5
[Bug 2682] New: ssh-agent is unable to remove smartcard after introducing whitelist
...so Enter passphrase for PKCS#11: Card added: /usr/lib64/pkcs11/opensc-pkcs11.so $ ssh-add -e /usr/lib64/opensc-pkcs11.so Could not remove card "/usr/lib64/opensc-pkcs11.so": agent refused operation From the ssh-agent log we can see: process_remove_smartcard_key: pkcs11_del_provider failed the problem is the call to the realpath(3), which resolves the symlinks and passes to the pkcs11-code already target of that symlink. I understand that it is needed for the whitelist to be effective, but it is getting confusing that one input is sanitized, the second not and they are compa...
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
> > ...de, and it appears that register_pkcs11_provider (https://github.com/openssh/openssh-portable/blob/master/ssh-pkcs11.c#L1470) fails if a PKCS#11 provider already exists. However, PKCS#11 providers are never unloaded. There is a pkcs11_del_provider but it is never called.
> >
> > That means that after deleting a key, there is no way to re-add it. Also, since removing a USB smartcard reader results in ssh-agent losing its session, the user must call ssh-add again after reinserting...