Closed cellarweasel closed 3 days ago
Its a security feature. By doing ssh localhost
the new session is treated as a network user. Network user's do not get access to devices like: camera, microphone, usb drives, smart card readers. How it is done varies be OS.
You can see the devices, but can not use them. opensc-tool -l
is an attempt to use the device via PCSC.
For example, a remote user should not be able to ssh to your machine and use your smartcard which maybe unlocked, to sign anything.
There are ways to use the local devices from a remote host. Ssh tunneling can be used, Google for: "ssh tunnel smartcard" or Google for: "rdp"
Doug already explained the reasons. This is out of scope of the OpenSC as this is handled on the pcsc-layer so in any case, I would propose moving this to discussion.
Thank you gentleman. Doug very kindly did point out where the protocol that does this is speicifed (pcsc), and Jakub is right, that this is technically not an issue or per say solved, but could be moved to discussions.
Problem Description
I've found unexpected (to me) behavior and it might honestly be an important feature but I just wanted to ask the group if I'm understanding what I'm seeing.
Proposed Resolution
Maybe none as this might be required behavior. But perhaps some obvious documentation that this happens. (maybe I'm even just missing that bit of the wiki? But I've put a semi-decent amount of time into reading opensc's issues and docs so perhaps this is still obscure.)
Steps to reproduce
See the above cli session. Simpy create an ssh session and the 'presence' of my card reader disappears.
Logs
N/A, but let me know if you want to see anything else.
using version 0.25.0 of opensc on Fedora 39
lsusb shows the same usb devices of course inside or outside network connections.