https://bugzilla.mindrot.org/show_bug.cgi?id=3879

--- Comment #9 from Damien Miller <[email protected]> ---
Created attachment 3914
  --> https://bugzilla.mindrot.org/attachment.cgi?id=3914&action=edit
Link ssh against ssh-pkcs11.o directly

Actually, I think this approach might be better.

ssh-pkcs11-client.c is mostly meant for non-interactive cases. PIN entry might work if there's a tty around (or ssh-askpass), but it doesn't have stdin/out attached.

ssh-pkcs11.c has the same API. I think it makes more sense to use this directly in ssh and ssh-keygen (which we similarly fixed in 10.2).

We have the -client/-helper system mostly for ssh-agent, where we don't want a potentially-hostile PKCS11 module added via the agent socket getting access to ssh-agent's address space, which may contain private keys. For ssh this concern doesn't exist, as the PKCS11Provider must be specified on the command line or in the config file.
