When banner is enabled on the server, authenticating with a smart card in the ThinLinc client won't work.
We never get the PIN prompt for the smart card and only see the banner message. When closing the banner message the login process is cancelled as if we never started it in the first place. Happens when using the client on all client platforms; Linux, Windows and macOS.
Looking at the flow of things in tlclient.log it seems like things are happening in a sort of wierd order:
2019-08-28T11:05:06: SSH pid is 28860
2019-08-28T11:05:06: ssh[E]: CONFIRM HOST KEY: localhost ::1 22 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBE29XA4X2q6vsUwOsmJa/XJwe5IyN6mKxfOyIXDYdEwq7LXPkZgqT0KawgODygKB7zr7RXT8cl7+7GnWTw+LRgM=
2019-08-28T11:05:06: Host key previously known.
2019-08-28T11:05:06: ssh[E]: NEXT AUTHMETHOD: none
2019-08-28T11:05:06: ssh[E]: BANNER: banner\ntest\n
2019-08-28T11:05:06: Unable to open card session
2019-08-28T11:05:06: Querying user for passphrase...
2019-08-28T11:05:06: Signature operation aborted by user
2019-08-28T11:05:07: Process 28860 exited with code 255
It seems like when tlclient is handling the banner, ssh keeps on going and sending other stuff on the line. Our banner code is probably written with some incorrect assumptions.