When using smartcards PINs are stored in the registry by ssh-agent #2341

Open
@hpgarethd

Description

Prerequisites

  • Write a descriptive title.
  • Make sure you are able to repro it on the latest version
  • Search the existing issues.

Steps to reproduce

Using smartcards to hold private keys for ssh, I pondered how ssh-agent was able to reload the keys after a reboot.
It seems that when using the OpenSC opensc-pkcs11.dll to load the key to ssh-agent, the call to https://github.com/PowerShell/openssh-portable/blob/0096029101a77a9b6b45c8351d46dc9b081b5756/contrib/win32/win32compat/ssh-agent/keyagent-request.c#L106 ends up storing the entered card PIN in the registry.
This is then easily extracted from the registry using an elevated shell.

There is no expectation that ssh-agent should be able to hold keys over a reboot or logout, and I definitely didn't expect ssh-agent to stash my PIN away in a fairly insecure way.

Expected behavior

ssh-agent should not store entered smartcard PINs in the registry

Actual behavior

ssh-agent stores entered PINs in the registry

Error details

Environment data

> $psversiontable

Name                           Value
----                           -----
PSVersion                      5.1.22621.4391
PSEdition                      Desktop

> ssh -V
OpenSSH_for_Windows_9.8p1 Win32-OpenSSH-GitHub, LibreSSL 3.9.2

Version

OpenSSH_for_Windows_9.8p1
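A quick audit of what the Windows ssh-agent has persisted, written as an added example for this issue rather than code from the reporter or the project. It assumes the agent keeps persisted identities under HKLM:\SOFTWARE\OpenSSH\Agent\Keys with a "comment" value per entry (both are my assumptions about Win32-OpenSSH, not stated in the report), and it lists each persisted entry with its value names and types so an administrator can see whether PKCS#11 identities, and with them the PIN this report describes, are sitting in the registry.

```powershell
# Added example: audit identities persisted by Win32-OpenSSH ssh-agent.
# Assumption: persisted identities live under this hive (not stated on the issue page).
$AgentKeys = 'HKLM:\SOFTWARE\OpenSSH\Agent\Keys'

function Get-PersistedAgentIdentity {
    # One object per persisted identity: subkey name, the 'comment' value if any
    # (assumed value name), and every stored value with its registry type and size.
    if (-not (Test-Path $AgentKeys)) { return @() }
    Get-ChildItem -Path $AgentKeys | ForEach-Object {
        $key = $_
        $values = foreach ($name in $key.GetValueNames()) {
            $v = $key.GetValue($name)
            [pscustomobject]@{
                Name = if ($name) { $name } else { '(Default)' }
                Kind = $key.GetValueKind($name).ToString()
                Size = if ($v -is [byte[]]) { $v.Length } else { "$v".Length }
            }
        }
        [pscustomobject]@{
            Entry   = $key.PSChildName
            Comment = $key.GetValue('comment')
            Values  = $values
        }
    }
}

# Reading HKLM needs an elevated shell, which is the same access level the report
# says is enough to extract the stored PIN.
$ids = @(Get-PersistedAgentIdentity)
if ($ids.Count -eq 0) { 'No persisted agent identities found.'; return }

foreach ($id in $ids) {
    "Identity $($id.Entry)  comment='$($id.Comment)'"
    # A comment naming a PKCS#11 module (e.g. opensc-pkcs11.dll) marks a smartcard
    # identity; per this issue, the PIN entered for it may be stored alongside it.
    if ("$($id.Comment)" -match 'pkcs11|opensc') { '  -> PKCS#11 identity: review and clear' }
    $id.Values | Format-Table Name, Kind, Size -AutoSize | Out-String | Write-Output
}

# Removing all identities from the running agent also drops the persisted copies:
#   ssh-add -D
```

Run it after the smartcard has been used with ssh-agent; if PKCS#11 entries appear, clear them with ssh-add -D and avoid persisting smartcard identities until the reported behaviour is fixed.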
