Re: Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.

On Tue, Feb 25, 2020 at 1:09 AM Jakub Jelen <jjelen@xxxxxxxxxx> wrote:
> Thank you for pointing that out. It is certainly something that should be
> fixed. Can you open a new bug in so it will not get lost:

Done, thanks. https://bugzilla.mindrot.org/show_bug.cgi?id=3125

> Never unloading pkcs11 modules can have unexpected results for users of
> for example long running ssh-agents and updates -- if you update pkcs11
> module, you expect that if you remove it and add it back, it will load
> the new one.

This is a good point. The same is true of updates to ssh-agent itself, though.
Are updates to pkcs11 modules more frequent, or more urgent, than
updates to ssh-agent?

An idea:

 - ssh-add retains its ability to explicitly unload providers via `-e`
 - ssh-agent stops treating it as an error to request loading of the same
  provider twice.

I believe this would fix the `-D` and `-d` use cases. Is there a reason that
ssh-agent should treat a second load request for the same provider as an
error?
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


