Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'needs manual reloading every time the YubiKey is unplugged or the machine goes to sleep' is not accurate #131

Closed
ThomasHabets opened this issue Aug 16, 2022 · 2 comments
Closed

'needs manual reloading every time the YubiKey is unplugged or the machine goes to sleep' is not accurate #131

ThomasHabets opened this issue Aug 16, 2022 · 2 comments

Comments

@ThomasHabets
Copy link

At least on Linux PKCS#11 with opensc works great through suspends. One pinentry per boot, using

I also don't know what this means:

The UX of this solution is poor: it requires calling ssh-add to load the PKCS#11 module and to unlock it with the PIN (as the agent has no way of requesting input from the client during use

How could the UX possibly be better than that?
@FiloSottile
Copy link
Owner

That's not my experience on macOS. It's also weird it would cache across suspends, as that would mean the PIN lives in memory, which is not great.

How could the UX possibly be better than that?

As the next words in the sentence you quoted explain, by being always running and using a graphical Pinentry.

@ThomasHabets
Copy link
Author

Yeah i didnt understand that either. I get graphical pinentry by default on Linux.

And what's not always running in that method?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ThomasHabets @FiloSottile