1diff -urwN nxssh-orig/scard.c nxssh/scard.c
2--- nxssh-orig/scard.c	2006-11-07 13:14:42.000000000 +0100
3+++ nxssh/scard.c	2009-02-13 16:51:21.000000000 +0100
4@@ -24,6 +24,9 @@
5  */
6
7 #include "includes.h"
8+#if defined(SMARTCARD)
9+int ask_for_pin = 0;
10+#endif
11 #if defined(SMARTCARD) && defined(USE_SECTOK)
12
13 #include <sys/types.h>
14diff -urwN nxssh-orig/scard.h nxssh/scard.h
15--- nxssh-orig/scard.h	2006-08-05 04:39:40.000000000 +0200
16+++ nxssh/scard.h	2009-02-13 15:56:50.000000000 +0100
17@@ -31,6 +31,8 @@
18 #define SCARD_ERROR_NOCARD	-2
19 #define SCARD_ERROR_APPLET	-3
20
21+extern int ask_for_pin;
22+
23 Key	**sc_get_keys(const char *, const char *);
24 void	 sc_close(void);
25 int	 sc_put_key(Key *, const char *);
26diff -urwN nxssh-orig/scard-opensc.c nxssh/scard-opensc.c
27--- nxssh-orig/scard-opensc.c	2007-03-12 21:35:39.000000000 +0100
28+++ nxssh/scard-opensc.c	2009-02-13 17:29:21.000000000 +0100
29@@ -124,6 +124,7 @@
30 	struct sc_pkcs15_prkey_info *key;
31 	struct sc_pkcs15_object *pin_obj;
32 	struct sc_pkcs15_pin_info *pin;
33+	char *passphrase = NULL;
34
35 	priv = (struct sc_priv_data *) RSA_get_app_data(rsa);
36 	if (priv == NULL)
37@@ -161,24 +162,47 @@
38 		goto err;
39 	}
40 	pin = pin_obj->data;
41+
42+	if (sc_pin)
43+		passphrase = sc_pin;
44+	else if (ask_for_pin) {
45+		/* we need a pin but don't have one => ask for the pin */
46+		char prompt[64];
47+
48+		snprintf(prompt, sizeof(prompt), "Enter PIN for %s: ",
49+			key_obj->label ? key_obj->label : "smartcard key");
50+		passphrase = read_passphrase(prompt, 0);
51+		if (!passphrase || !strcmp(passphrase, ""))
52+			goto err;
53+	} else
54+		/* no pin => error */
55+		goto err;
56+
57 	r = sc_lock(card);
58 	if (r) {
59 		error("Unable to lock smartcard: %s", sc_strerror(r));
60 		goto err;
61 	}
62-	if (sc_pin != NULL) {
63-		r = sc_pkcs15_verify_pin(p15card, pin, sc_pin,
64-					 strlen(sc_pin));
65+	r = sc_pkcs15_verify_pin(p15card, pin, passphrase,
66+				 strlen(passphrase));
67 		if (r) {
68 			sc_unlock(card);
69 			error("PIN code verification failed: %s",
70 			      sc_strerror(r));
71 			goto err;
72 		}
73-	}
74+
75 	*key_obj_out = key_obj;
76+	if (!sc_pin) {
77+		memset(passphrase, 0, strlen(passphrase));
78+		xfree(passphrase);
79+	}
80 	return 0;
81 err:
82+	if (!sc_pin && passphrase) {
83+		memset(passphrase, 0, strlen(passphrase));
84+		xfree(passphrase);
85+	}
86 	sc_close();
87 	return -1;
88 }
89diff -urwN nxssh-orig/ssh.c nxssh/ssh.c
90--- nxssh-orig/ssh.c	2007-09-12 14:49:25.000000000 +0200
91+++ nxssh/ssh.c	2009-02-13 17:02:43.000000000 +0100
92@@ -1594,6 +1594,9 @@
93 #ifdef SMARTCARD
94 	Key **keys;
95
96+	if (!options.batch_mode)
97+		ask_for_pin = 1;
98+
99 	if (options.smartcard_device != NULL &&
100 	    options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
101 	    (keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) {
102