Add credential prompts for PKCS11-based SSH keys #4646
Conversation
| @@ -391,6 +391,7 @@ func (self *cmdObjRunner) getCheckForCredentialRequestFunc() func([]byte) (Crede | |||
| `Username\s*for\s*'.+':`: Username, | |||
| `Enter\s*passphrase\s*for\s*key\s*'.+':`: Passphrase, | |||
| `Enter\s*PIN\s*for\s*.+\s*key\s*.+:`: PIN, | |||
| `Enter\s*PIN\s*for\s*'.+':`: PIN, | |||
There was a problem hiding this comment.
I'm not familiar with the problem domain at all, so not sure this makes sense, but do we have to match the single quotes explicitly, or the "key" in the previous pattern? Just wondering if we should combine the two PIN patterns into one, e.g. Enter\s*PIN\s*for\s*.+:.
There was a problem hiding this comment.
I think there are many cases which match Enter\s*PIN\s*for\s*.+: in OpenSSH, such as Enter PIN for CA key and Enter PIN for authenticator. Although these situations are not common during the SSH connection process established by git,, it is still worth considering handling different input conditions separately.
There was a problem hiding this comment.
in #4018 I choose *(key\s*.+|'.+') to either match key ... or '...'
|
Similar to #4018 |
I noticed that your PR was submitted a long time ago. Why hasn't it been merged yet? |
Because it fell through the cracks, apparently. Happens all the time when open source maintainers have little time next to their day jobs. I hope this will happen less often in the future, but do feel free to ping next time something seems to get stuck for no reason. In this case I'd tend to merge this PR, and close #4018 as superseded by this. Does this work for both of you? |
|
I'm ok with it. |
stefanhaller
force-pushed
the
pkcs11-key-prompts
branch
from
ef04887 to
b5c2524
Compare
Similar to Add credential prompts for U2F-backed SSH keys #2239, add credential prompts for PKCS11-based SSH keys. OpenSSH code reference is here.
go generate ./...)