diff --git a/ssh-agent.c b/ssh-agent.c

index 1320cda..2441329 100644

--- a/ssh-agent.c

+++ b/ssh-agent.c

@@ -821,7 +821,7 @@ send:

 static void

 process_remove_smartcard_key(SocketEntry *e)

 {

-	char *provider = NULL, *pin = NULL;

+	char *provider = NULL, *pin = NULL, canonical_provider[PATH_MAX];

 	int r, version, success = 0;

 	Identity *id, *nxt;

 	Idtab *tab;

@@ -831,6 +831,13 @@ process_remove_smartcard_key(SocketEntry *e)

 		fatal("%s: buffer error: %s", __func__, ssh_err(r));

 	free(pin);

+	if (realpath(provider, canonical_provider) == NULL) {

+		verbose("failed PKCS#11 add of \"%.100s\": realpath: %s",

+		    provider, strerror(errno));

+		goto send;

+	}

+

+	debug("%s: remove %.100s", __func__, canonical_provider);

 	for (version = 1; version < 3; version++) {

 		tab = idtab_lookup(version);

 		for (id = TAILQ_FIRST(&tab->idlist); id; id = nxt) {

@@ -838,18 +845,19 @@ process_remove_smartcard_key(SocketEntry *e)

 			/* Skip file--based keys */

 			if (id->provider == NULL)

 				continue;

-			if (!strcmp(provider, id->provider)) {

+			if (!strcmp(canonical_provider, id->provider)) {

 				TAILQ_REMOVE(&tab->idlist, id, next);

 				free_identity(id);

 				tab->nentries--;

 			}

 		}

 	}

-	if (pkcs11_del_provider(provider) == 0)

+	if (pkcs11_del_provider(canonical_provider) == 0)

 		success = 1;

 	else

 		error("process_remove_smartcard_key:"

 		    " pkcs11_del_provider failed");

+send:

 	free(provider);

 	send_status(e, success);

 }