Currently Red Hat's smart card patch for OpenSSH makes it ask for a PIN when enumerating the crypto tokens. This means that the user will enter the PIN even though the client might fail to connect to the server, or that the server won't accept the public key.
We should modify the code to only ask for the PIN once it actually needs it.
This got fixed when we moved the smart card handling into tlclient.
Tested using client build 3680, running tlclient with -d5 for alot of debug, i can verify that when "NEXT AUTHMETHOD: publickey" the pin dialog is showed, which somewhat confirms that ssh connection is up and pubkey auth stage has been reached berfore pin dialog is shown.
Also tests was performed without the key on serverside, which brung
the dialog that the user was not authorized to connected to the server.