fix tokencheck

bin/startagent

@@ -73,6 +73,29 @@ EOF
 
 }
 
+check_token(){
+
+    # it's the same as in functions.sh
+    # defined here also, to work also in environments, where functions.sh couldn't be sourced
+    [ -z "${P11M:+x}" ] && { P11M=$PKCS11_MODULE; export P11M; }
+
+    local tmppubkey="${XDG_RUNTIME_DIR}/token.pub"
+    # If DISPLAY is set, ssh-add calls ssh-askpass, and if its in remote-terminal, it wont work
+    # So remember and unset DISPLAY, and set it at the end again, if it was set before
+    [ $DISPLAY ] && local DISPLAY_ORIG=$DISPLAY
+    [ $DISPLAY ] && logdebug "unset DISPLAY: $DISPLAY"
+    [ $DISPLAY ] && unset DISPLAY
+    
+    # Write public keys of all in agent stored keys to a temporary file
+    loginfo "$(ssh-add -L > $tmppubkey)"
+    # Check if public-keys in tmppubkey are working. They are not working, if you removed and add back hardware-token. 
+    loginfo "$(ssh-add -T ${tmppubkey} || { ssh-add -e $P11M; set -x; ssh-add -s $P11M; } )"
+    loginfo "$(ssh-add -l)"
+    [ $DISPLAY_ORIG ] && logdebug "reset DISPLAY=$DISPLAY_ORIG"
+    [ $DISPLAY_ORIG ] && export DISPLAY=$DISPLAY_ORIG
+
+}
+
 createonly=false
 tokenonly=false
 readd=false
@@ -370,6 +393,7 @@ ssh-runinagent () {
 
 if [[ $SSH_TTY || $X2GO_SESSION ]] ; then
     logdebug "run with forwarded ssh-agent"
+    check_token
     res=1
 else
     logdebug "run with local ssh-agent"