On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote:> You might wish to focus on sftp instead of scp.Okay, I will have a look. I had some problems: 1) I would like to store smart card information -o PKCS11Provider=/usr/lib/opensc-pkcs11.so in /etc/ssh/ssh-config. Is it possible? 2) ssh-add -s does not seem to work. Read: http://www.gooze.eu/howto/using-openssh-scp-with-smart-cards-pkcs11/using-ssh-authentication-agent-ssh-add-with Can anyone help with these issues. Kind regards, Jean-Michel
On Tue, Apr 06, 2010 at 05:05:22PM +0200, Fran?ois P?rou wrote:> On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote: > > You might wish to focus on sftp instead of scp. > Okay, I will have a look. > > I had some problems: > > 1) I would like to store smart card information > -o PKCS11Provider=/usr/lib/opensc-pkcs11.so > in /etc/ssh/ssh-config. Is it possible?yes, echo PKCS11Provider /usr/lib/opensc-pkcs11.so > /etc/ssh/config> 2) ssh-add -s does not seem to work.you have to use ssh-add -s /usr/lib/opensc-pkcs11.so
On Tue, 2010-04-06 at 20:50 +0200, Markus Friedl wrote:> echo PKCS11Provider /usr/lib/opensc-pkcs11.so > /etc/ssh/configThanks a lot.> > 2) ssh-add -s does not seem to work.ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so How can I provide more debug? If you need a free PKI card and you live in the European-Union, I can send some for developing and testing OpenSSH. Kind regards, Jean-Michel
On Wed, 2010-04-07 at 07:25 +0200, Fran?ois P?rou wrote:> > echo PKCS11Provider /usr/lib/opensc-pkcs11.so > /etc/ssh/config/etc/ssh/ssh_config SendEnv LANG LC_* HashKnownHosts yes GSSAPIAuthentication yes GSSAPIDelegateCredentials no PKCS11Provider /usr/lib/opensc-pkcs11.so Then when I try ssh user at foo.com, it does not use smartcards. Permission denied (publickey). In fact, the -v lof shows that ssh does not search for smartcards. If you would like to implement more smart card features, it would be nice for some of you to have testing cards. To apply for free cards: http://www.gooze.eu/feitian-pki-free-software-developer-card Really, it would make me happy. Kind regards, Jean-Michel
Seemingly Similar Threads
- Donation of 10 ePass2003 to the OpenSSH project
- certificates keys on pkcs11 devices
- [Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
- OpenSSH PKCS#11merge
- [Bug 1736] New: OpenSSH doesn't seem to work with my MuscleCard PKCS#11 library