1diff -urwN nxssh-orig/scard.c nxssh/scard.c 2--- nxssh-orig/scard.c 2006-11-07 13:14:42.000000000 +0100 3+++ nxssh/scard.c 2009-02-13 16:51:21.000000000 +0100 4@@ -24,6 +24,9 @@ 5 */ 6 7 #include "includes.h" 8+#if defined(SMARTCARD) 9+int ask_for_pin = 0; 10+#endif 11 #if defined(SMARTCARD) && defined(USE_SECTOK) 12 13 #include <sys/types.h> 14diff -urwN nxssh-orig/scard.h nxssh/scard.h 15--- nxssh-orig/scard.h 2006-08-05 04:39:40.000000000 +0200 16+++ nxssh/scard.h 2009-02-13 15:56:50.000000000 +0100 17@@ -31,6 +31,8 @@ 18 #define SCARD_ERROR_NOCARD -2 19 #define SCARD_ERROR_APPLET -3 20 21+extern int ask_for_pin; 22+ 23 Key **sc_get_keys(const char *, const char *); 24 void sc_close(void); 25 int sc_put_key(Key *, const char *); 26diff -urwN nxssh-orig/scard-opensc.c nxssh/scard-opensc.c 27--- nxssh-orig/scard-opensc.c 2007-03-12 21:35:39.000000000 +0100 28+++ nxssh/scard-opensc.c 2009-02-13 17:29:21.000000000 +0100 29@@ -124,6 +124,7 @@ 30 struct sc_pkcs15_prkey_info *key; 31 struct sc_pkcs15_object *pin_obj; 32 struct sc_pkcs15_pin_info *pin; 33+ char *passphrase = NULL; 34 35 priv = (struct sc_priv_data *) RSA_get_app_data(rsa); 36 if (priv == NULL) 37@@ -161,24 +162,47 @@ 38 goto err; 39 } 40 pin = pin_obj->data; 41+ 42+ if (sc_pin) 43+ passphrase = sc_pin; 44+ else if (ask_for_pin) { 45+ /* we need a pin but don't have one => ask for the pin */ 46+ char prompt[64]; 47+ 48+ snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ", 49+ key_obj->label ? key_obj->label : "smartcard key"); 50+ passphrase = read_passphrase(prompt, 0); 51+ if (!passphrase || !strcmp(passphrase, "")) 52+ goto err; 53+ } else 54+ /* no pin => error */ 55+ goto err; 56+ 57 r = sc_lock(card); 58 if (r) { 59 error("Unable to lock smartcard: %s", sc_strerror(r)); 60 goto err; 61 } 62- if (sc_pin != NULL) { 63- r = sc_pkcs15_verify_pin(p15card, pin, sc_pin, 64- strlen(sc_pin)); 65+ r = sc_pkcs15_verify_pin(p15card, pin, passphrase, 66+ strlen(passphrase)); 67 if (r) { 68 sc_unlock(card); 69 error("PIN code verification failed: %s", 70 sc_strerror(r)); 71 goto err; 72 } 73- } 74+ 75 *key_obj_out = key_obj; 76+ if (!sc_pin) { 77+ memset(passphrase, 0, strlen(passphrase)); 78+ xfree(passphrase); 79+ } 80 return 0; 81 err: 82+ if (!sc_pin && passphrase) { 83+ memset(passphrase, 0, strlen(passphrase)); 84+ xfree(passphrase); 85+ } 86 sc_close(); 87 return -1; 88 } 89diff -urwN nxssh-orig/ssh.c nxssh/ssh.c 90--- nxssh-orig/ssh.c 2007-09-12 14:49:25.000000000 +0200 91+++ nxssh/ssh.c 2009-02-13 17:02:43.000000000 +0100 92@@ -1594,6 +1594,9 @@ 93 #ifdef SMARTCARD 94 Key **keys; 95 96+ if (!options.batch_mode) 97+ ask_for_pin = 1; 98+ 99 if (options.smartcard_device != NULL && 100 options.num_identity_files < SSH_MAX_IDENTITY_FILES && 101 (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) { 102