libykcs11.dylib with ssh-agent: PIN not required after re-plugging the YubiKey

[jeinwag]

Hi,

I've configured an SSH key on my YubiKey 5C via PIV (using macOS 13.4.1). When initially loading the key into ssh-agent, PIN entry is required as expected. But when I remove the YubiKey and plug it in again, I can still open new SSH connections without having to enter the PIN again.

Is this the expected behaviour and is there any way to change it?

Regards,
Julian