Bug 7372 - Smart card authentication doesn't work when SSH banner is used
Summary: Smart card authentication doesn't work when SSH banner is used
Status: NEW
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Smart card
Version: trunk
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: LowPrio
Assignee: Bugzilla mail exporter
Depends on:
Reported: 2019-08-28 11:10 CEST by Samuel Mannehed
Modified: 2019-09-04 12:43 CEST

See Also:
Acceptance Criteria:


Description Samuel Mannehed cendio 2019-08-28 11:10:00 CEST
When banner is enabled on the server, authenticating with a smart card in the ThinLinc client won't work.

We never get the PIN prompt for the smart card and only see the banner message. When closing the banner message, the login process is cancelled as if we never started it in the first place. Happens when using the client on all client platforms: Linux, Windows and macOS.

Looking at the flow of things in tlclient.log it seems like things are happening in a sort of weird order:

2019-08-28T11:05:06: SSH pid is 28860
2019-08-28T11:05:06: ssh[E]: CONFIRM HOST KEY: localhost ::1 22 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE29XA4X2q6vsUwOsmJa/XJwe5IyN6mKxfOyIXDYdEwq7LXPkZgqT0KawgODygKB7zr7RXT8cl7+7GnWTw+LRgM=
2019-08-28T11:05:06: Host key previously known.
2019-08-28T11:05:06: ssh[E]: NEXT AUTHMETHOD: none
2019-08-28T11:05:06: ssh[E]: BANNER: banner\ntest\n
2019-08-28T11:05:06: Unable to open card session
2019-08-28T11:05:06: Querying user for passphrase...
2019-08-28T11:05:06: Signature operation aborted by user
2019-08-28T11:05:07: Process 28860 exited with code 255

It seems like when tlclient is handling the banner, ssh keeps on going and sending other stuff on the line. Our banner code is probably written with some incorrect assumptions.
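
Added example (not part of the original report and not ThinLinc code): a triage script that scans a tlclient.log for the sequence shown above, where a BANNER line is followed by a smart card failure and a non-zero ssh exit. It assumes the message strings appear exactly as in the excerpt; the function name and the second sample session are hypothetical.

```python
import re

# Constructed sample: the first session mirrors the excerpt in the report (host
# key line omitted); the second is a made-up control session without a banner.
SAMPLE_LOG = """\
2019-08-28T11:05:06: SSH pid is 28860
2019-08-28T11:05:06: ssh[E]: NEXT AUTHMETHOD: none
2019-08-28T11:05:06: ssh[E]: BANNER: banner\\ntest\\n
2019-08-28T11:05:06: Unable to open card session
2019-08-28T11:05:06: Querying user for passphrase...
2019-08-28T11:05:06: Signature operation aborted by user
2019-08-28T11:05:07: Process 28860 exited with code 255
2019-08-28T11:09:41: SSH pid is 28911
2019-08-28T11:09:41: ssh[E]: NEXT AUTHMETHOD: none
2019-08-28T11:09:52: Process 28911 exited with code 0
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d): (.*)$")
START = re.compile(r"^SSH pid is (\d+)$")
EXIT = re.compile(r"^Process (\d+) exited with code (\d+)$")
SYMPTOMS = ("Unable to open card session", "Signature operation aborted by user")

def find_banner_aborts(log_text):
    """Return one dict per SSH session where a BANNER line was followed by a
    smart card failure and the ssh process exited non-zero."""
    sessions, hits = {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, msg = m.groups()
        if (s := START.match(msg)):
            sessions[s.group(1)] = {"pid": int(s.group(1)), "banner_at": None, "symptoms": []}
        elif (e := EXIT.match(msg)):
            sess = sessions.pop(e.group(1), None)
            if sess and sess["symptoms"] and int(e.group(2)) != 0:
                hits.append({**sess, "exit_code": int(e.group(2)), "exited_at": ts})
        else:
            # Log lines carry no pid, so attribute them to the newest open session.
            sess = next(reversed(sessions.values()), None)
            if sess is None:
                continue
            if msg.startswith("ssh[E]: BANNER:"):
                sess["banner_at"] = ts
            elif msg in SYMPTOMS and sess["banner_at"]:
                sess["symptoms"].append(msg)
    return hits

if __name__ == "__main__":
    for hit in find_banner_aborts(SAMPLE_LOG):
        print(hit)
```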
