Sorry for not replying correctly, I subscribed after this thread was started > > Bug 2430 - ssh-keygen should allow to login before reading public > > key > > from smart card > > Bug 2652 - PKCS11 login skipped if login required and no pin set > > Bug 2638 - Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the > > private objects > > Bug 2474 - Enabling ECDSA in PKCS#11 support for ssh-agent > > Bug 2817 - Add support for PKCS#11 URIs (RFC 7512) > > Bug 2472 - Add support to load additional certificates > > Bug 2075 - [PATCH] Enable key pair generation on a PCKS#11 device >From a user perspective, #2474 and #2472 are the absolute showstoppers - there’s no solution or workaround that can be implemented without them… or at least those kept popping for me over the years. Jan _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev