aeolwyr / tergent

A cryptoki library that uses Android keystore as the backend
GNU General Public License v3.0

ssh-add -s $PREFIX/lib/libtergent.so asks for a PIN #19

Open nomeata opened 1 year ago

nomeata commented 1 year ago

I noticed that I can use tergent with ssh-agent just fine: https://github.com/aeolwyr/tergent/issues/15#issuecomment-1479797342

But ssh-add -s $PREFIX/lib/libtergent.so asks for a PIN (empty pin is fine), which doesn't make much sense to me, and makes it harder to include that setup in an automated startup script.

Why does ssh-add ask for a PIN here, and can it be avoided?

eggbean commented 8 months ago

Maybe PKCS#11 cards usually have a PIN number and ssh-agent expects that?

But in my case it's asking for a passphrase, not pin. I have dealt with this minor annoyance using an expect script.

I have this in my .zshenv:

# ssh-agent (Android)
if [[ $(uname -o) == Android ]]; then
  if [[ -z $SSH_AGENT_PID ]]; then
    eval $(ssh-agent -s) >/dev/null
    expect ~/.dotfiles/bin/android/ssh-agent-tergent.exp >/dev/null
  fi
fi

And the expect script:

#!/data/data/com.termux/files/usr/bin/expect

spawn ssh-add -s /data/data/com.termux/files/usr/lib/libtergent.so
expect -exact "Enter passphrase for PKCS\#11:"
send -- "foobar\r"
expect eof
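As an added example (not code from the thread or from the tergent project), the same automation without expect: ssh-add prints the "Enter passphrase for PKCS#11:" prompt unconditionally before it hands the provider to the agent, whether or not the token requires a login, and that prompt goes through OpenSSH's read_passphrase, so it can be answered by an SSH_ASKPASS helper when no tty is available. The script below assumes OpenSSH 8.4 or newer for SSH_ASKPASS_REQUIRE=force (older releases still use the helper when stdin is not a tty and DISPLAY is non-empty), the Termux provider path from the thread, and a TERGENT_PIN environment variable introduced here (empty by default, which is what the thread reports tergent accepts).

```shell
#!/bin/sh
# Added example: load libtergent.so into ssh-agent non-interactively by
# answering ssh-add's PKCS#11 prompt via SSH_ASKPASS instead of expect.
# Assumed (not from the thread): OpenSSH >= 8.4, Termux paths, and the
# TERGENT_PIN variable; an empty PIN is what tergent is reported to accept.

TERGENT_LIB_DEFAULT="${PREFIX:-/data/data/com.termux/files/usr}/lib/libtergent.so"

# Write a minimal askpass helper and print its path. The PIN is read from
# the environment at prompt time, so nothing secret is stored in the file.
write_askpass() {
    helper=$(mktemp "${TMPDIR:-/tmp}/tergent-askpass.XXXXXX") || return 1
    cat > "$helper" <<'EOF'
#!/bin/sh
# ssh-add passes the prompt text as $1; reply with the PIN (empty = no PIN).
printf '%s\n' "${TERGENT_PIN-}"
EOF
    chmod 700 "$helper" || return 1
    printf '%s\n' "$helper"
}

# Load the provider into the running agent without a tty.
# Returns 2 if the provider is missing, 127 if ssh-add is not in PATH,
# otherwise ssh-add's own exit status.
load_tergent() {
    lib="${1:-$TERGENT_LIB_DEFAULT}"
    [ -r "$lib" ] || { echo "provider not found: $lib" >&2; return 2; }
    command -v ssh-add >/dev/null 2>&1 || { echo "ssh-add not in PATH" >&2; return 127; }
    helper=$(write_askpass) || return 1
    # stdin from /dev/null: ssh-add cannot prompt on a tty, so it consults
    # SSH_ASKPASS; force makes that explicit, DISPLAY only has to be non-empty.
    SSH_ASKPASS="$helper" SSH_ASKPASS_REQUIRE=force DISPLAY="${DISPLAY:-:0}" \
        ssh-add -s "$lib" </dev/null
    rc=$?
    rm -f "$helper"
    return "$rc"
}

# Usage from a startup script, mirroring the .zshenv guard in the thread:
# only on Android, and only if no agent is already known to this shell.
if [ "$(uname -o 2>/dev/null)" = Android ] && [ -z "${SSH_AGENT_PID:-}" ]; then
    eval "$(ssh-agent -s)" >/dev/null
    load_tergent && ssh-add -l
fi
```

Unlike the expect approach, this does not depend on the exact wording of the prompt, and a non-empty PIN never has to be written into a dotfile: set TERGENT_PIN in the environment (or leave it unset for tergent's empty PIN) and the helper answers whatever ssh-add asks.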