When using smartcards PINs are stored in the registry by ssh-agent

[hpgarethd]

trafficstars

Prerequisites

• [x] Write a descriptive title.
• [x] Make sure you are able to repro it on the latest version
• [x] Search the existing issues.

Steps to reproduce

Using smartcards to hold private keys for ssh, I pondered how ssh-agent was able to reload the keys after a reboot. It seems that when using the OpenSC opensc-pkcs11.dll to load the key to ssh-agent, the call to https://github.com/PowerShell/openssh-portable/blob/0096029101a77a9b6b45c8351d46dc9b081b5756/contrib/win32/win32compat/ssh-agent/keyagent-request.c#L106 ends up storing the entered card pin in the registry. This is then easily extracted from the registry using an elevated shell.

There is no expectation that ssh-agent should be able to hold keys over a reboot or logout, and I definitely didn't expect ssh-agent to stash my PIN away in a fairly insecure way.

Expected behavior

ssh-agent should not store entered smartcard PINs in the registry

Actual behavior

ssh-agent stores entered PINs in the registry

Error details

Environment data

> $psversiontable

Name                           Value
----                           -----
PSVersion                      5.1.22621.4391
PSEdition                      Desktop

> ssh -V
OpenSSH_for_Windows_9.8p1 Win32-OpenSSH-GitHub, LibreSSL 3.9.2

Version

OpenSSH_for_Windows_9.8p1

Visuals