Bug 589

Summary: scard-opensc.c: load only those keys for which there's a private key
Product: Portable OpenSSH Reporter: Nils Larsch <larsch>
Component: SmartcardAssignee: OpenSSH Bugzilla mailing list <openssh-bugs>
Status: CLOSED FIXED    
Severity: enhancement    
Priority: P2    
Version: -current   
Hardware: All   
OS: Linux   
Attachments:
Description Flags
proposed fix none

Description Nils Larsch 2003-06-05 19:02:50 AEST
sc_get_keys loads the public keys from every certificate stored
on the smartcard. Therefore public keys of CA certificate (or other
certs for which there's no corresponding private key on the smartcard)
are loaded into the ssh-agent. This has (at least) two drawbacks:
a) loading certificates from a smartcard is slow and
b) the useless public keys might confuse the user (which keys of the
   'ssh-add -L' output are actually usable in .ssh/authorized_keys).

Regards,
Nils
Comment 1 Nils Larsch 2003-06-05 19:04:00 AEST
Created attachment 324 [details]
proposed fix
Comment 2 Damien Miller 2003-06-05 19:19:50 AEST
Fix applied - thanks.
Comment 3 Damien Miller 2004-04-14 12:31:27 AEST
Mass change of VERIFIED bugs to CLOSED