search for: cryptocard

Hi, I had a contractor write a patch to allow CryptoCard support in OpenSSH. It works with portable openssh-2.1.1p4, and it was posted to the SSH mailing lists, but I see that it hasn't been included in the openssh-2.2.0p1 release. Would it be possible to include this patch in the official release? The reason why I ask is because it will not be di...

Hi, this is merely FYI, but i would appreciate if someone had any comments or further information on the topic. We were using the following setup : cryptocard easyradius with RB-1 hardware tokens (hex or decimal display, synchronous (quicklog) mode) f-secure ssh with pam radius authentication This worked fine until we updated to openssh 2.9p2. Then all authentications where the response included alpha characters did not work anymore. That means that...

...ation, but we want to make > sure our traffic remains encrypted. Any solutions? > >We are doing exactly such thing. I did not want to make mistake of most challenge responce systems which run in clear-text on insecure solaris machines (god knows I seen many of > those). We are using Cryptocard from <http://www.cryptocard.com> -- the challenge response system is working over ssh using TIS Authentication. All windows people have to use >SecureCRT since F-Secure windows client does not do TIS. Unix does it by default (just -o 'TISAuthenticaion yes'). So you get: 63-jkb(naut...

Hello , I have bought a cryptocard and i want to make it work openssh, now I need to initialize my token, install the cryptocard patch ( http://projects.jdimedia.nl/files/openssh-cryptocard.patch). The patch reads it's data from a file I've heard that some users made a conversion script from the CryptoADMIN server export to...

Greetings all, I'm working on attempting to get SAMBA to work with a product line called CryptoCard. I *should* be able to get it to work one of two ways, either through the use of CryptoCard's provided PAM module, or through RADIUS authentication. Currently, I cannot seem to get PAM authentication to work at all. This is what is in the 'samba' file for PAM: auth required...

Hi, I just finished integrating CryptoCard support in OpenSSH. - Native X9.9 support. Should work with CryptoCard en Secure Computing tokens. This basically gives support for Challenge / Response - Licensed under BSD license I'll put the patch on http://www.jdimedia.nl/igmar/pam, but that wil shorty change to projects.jdimedia....

Hello all, You may find this interesting: http://jemmari.tky.hut.fi/sc/ Here in Finland, we have cryptocards which have a PKCS#15 interface. They already have RSA keys stored in them, and can be used in various applications. I'm sure they're getting more common elsewhere too. Juha Yrj?l? et al have added support for these as a patch, and are providing libraries (under LGPL though) to use the ca...

Hi, Patch that makes CryptoCard word natively with OpenSSH is on http://www.jdimedia.nl/igmar/openssh Damien, please forward this to any list you thing is relevant. Regards, Igmar Palsenberg JDI Media Solutions -- Igmar Palsenberg JDI Media Solutions Jansplaats 11 6811 GB Arnhem The Netherlands mailto: i.palsenberg a...

Hello all, I just noticed that 'KbdInteractiveAuthentication' is not mentioned in sshd.8 or anywhere else on the man page. Someone with better knowledge about it than me, please fix this :-) Also, there were talks about supporting cryptocards about 3 months ago. Is there work being done on this? -- Pekka Savola "Tell me of difficulties surmounted, Pekka.Savola at netcore.fi not those you stumble over and fall"

...nSSH to OpenBSD machines from anywhere in the world (unsave computers). So I think I must use a challenge-response system with an hardware token that isn't connected to the computer. I do not want to use a RSA ACE/SERVER, so i can't use SecurID ? I can't use challenge response mode with cryptocard, because I want to protect it against an attacker that can break DES. Is it possible to use ActivCard with OpenSSH and OpenBSD ? Are there other solutions ? Is there anyone who can help me ? Thanx, >SecurID is probably the easiest (for you and your users). Cryptocard is >probably the chea...

Is it posible to use the openssh-cryptocard.patch (This patch adds native Challenge/Reponse authentication to OpenSSH) in synchronous mode on *BSD ? are other patches ? I thought it wasn't posible to use pam on *BSD ? Gr l

Hi, OpenSSH doesn't comply to the PAM spec, and always assume that a password is asked. This prevents for example pam-cryptocard from operating. I'll post a patch this week to make things work.... (and will also change the pam-cryptocard name. It's to confusing :) Regards, Igmar -- -- Igmar Palsenberg JDI Media Solutions Jansplaats 11 6811 GB Arnhem The Netherlands mailto: i.palsenberg at jdimedia.nl

...a Windows ADS (note: It's the newer windows ADS, so there is no NT Domain as in the old NT format). There are also a number of *nix servers (AIX) that have data on them. They want to use Samba as basically, an NFS server to serve out shares to the users on their PCs. BUT... They use a "CryptoCard" (Kerberos) password encryption on the AIX boxes. They want Samba to prompt for Kerberos passwords before allowing the connection. Is this even possible? If so, I need some serious help getting it all set up. Also: Their current Samba servers are running Samba 2.2.8a (sans kerberos). They...

...Windows 98 Connection mode: SSH Options selected: -------------------------- Connection Terminal type string xterm Auto-login username (blank) (also tried using local login name) SSH Remote command (blank) Attempt TIS or Cryptocard... (not checked) Allows agent forwarding (not checked) Don't allocate a pseudo-term. (not checked) Preferred Protocol vers. SSH2 Preferred Encryption algo. 3DES Imitate MAC bug in com... (not checked) The author of putty (putty at projects.tartarus.org) has already been...

...ion| |INVALID ------- Additional Comments From dtucker at zip.com.au 2003-12-22 22:35 ------- Matthew: no reply = closed bug. Jason: make sure PuTTY is using SSHv2 (many versions default to SSHv1 if the server supports both) or if using SSHv1 that you have "TIS/Cryptocard" auth enabled (which is disabled by default). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.

Some reactions on the thread : Integrating SmartCard in PAM is no problem. Problem I'm facing with for example CryptoCard and SecureID tokens is that those manufacturers refuse to give out any form of information about the internal operation of those tokens. That prevents me from implementing event synchronous mode. The best way to handle this with SSH is probably the way for example Apache and PAM handles those : U...

...omeone please review this change? http://131.188.30.102/~msfriedl/openssh/SSHD_AUTH_PATCH is a diff against openbsd's cvs and will commited ASAP. the patch tries to unify various challenge/response methods in ssh1 and ssh2. faking s/key is dropped, since i am not sure what do do for faking cryptocard and other challenge/response methods. -markus

I have some Solaris 7 boxes (Ultra 3 and Ultra Enterprise 250 hardware) that I have compiled both 3.7p1 and 3.7.1p1 on and am having some problems. I am using the same "configure" options that I have in the past (without problems). I have tried both new and existing (previously working) ssh_config and sshd_config files. The new versions seem to have broken SSH 1 support (and

I noticed that (perhaps because ':' is invalid in a username) you can say ssh -l user:style host, where the "user:style" is sent by the client, and the server strips the ":style" part off and makes it available as part of the authentication context. It's currently unused. What are the plans for this, if any? I was experimenting with the idea of using it with SRP

Hi, We at BalaBit IT Security Ltd developed a patch against openssh 2.3.0p1 to support TIS authserv authentication. TIS authserv uses a simple protocol, and supports CryptoCard, SKey, password etc. authentication. The commercial versions of SSH support this protocol, OpenSSH implemented SKey on its own using the protocol primitives originally invented for TIS authentication. Our patch is an alternative to S/Key support in OpenSSH, the two cannot be compiled in at the sa...