| Summary: | ssh should not complain about "no slots" when PKCS11Provider is specified, but no slot is found nor used | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Jakub Jelen <jjelen> | ||||
| Component: | Smartcard | Assignee: | Assigned to nobody <unassigned-bugs> | ||||
| Status: | CLOSED FIXED | ||||||
| Severity: | enhancement | CC: | djm, jcpunk | ||||
| Priority: | P5 | Keywords: | patch | ||||
| Version: | 7.3p1 | ||||||
| Hardware: | Other | ||||||
| OS: | Linux | ||||||
| Bug Depends on: | |||||||
| Bug Blocks: | 2594, 3058 | ||||||
| Attachments: |
|
||||||
Thanks - I've committed a variant of this that moves the messages to debug() and adds the provider ID and slot number to the other log calls in there. closing resolved bugs as of 8.6p1 release |
Created attachment 2868 [details] drop verbosity of pkcs11 "errors" Specifying a PKCS11Provider in the configuration and using the ssh without a card inserted results in the error no slots during the pkcs11 initialization. This error is in no way fatal and usually does not require user attention. We might argue that that the user should configure this option only when it is absolutely needed using proper match blocks, but even though the verbosity is too high and without any context does not make much sense. Also other messages informing about "provider already registered" and about "no keys" are not too important to show as error() form my point of view. Also in most of these logging functions, there is missing context and the user does not have the slightest idea where does these messages come from and what do they mean. Prefixing them with the function name also seems like reasonable idea.