search for: smartcard

Hi all, I'm new to this mailing list, so I apologize if my question is "obsolete" for you. I'd like to know if anybody has a clear idea about how to connect smartcards to the SSH framework. I yet got a modified ssh-agent (by Stephen Pellicer) that uses SSP-Lite (CyberflexAccess driver by me) in order to use the smartcard instead of the HD files. Instead, I'd like to INTEGRATE that with the original, file-based, ssh environment. I'd like to know what d...

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the lack of generality of the "key.h" interface. I have some ideas to change that. If anybody is interested in using/test...

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the lack of generality of the "key.h" interface. I have some ideas to change that. If anybody is interested in using/test...

Hi, I am not sure if this the right place for the question. Sorry if not ... My System: SuSE 9.2 OpenSSH 3.9p1 I have trouble to use a Smartcard with openssh. If i try to connect directly to the Smartcard, it fails: ssh -I 0:45 localhost card-etoken.c:175:etoken_check_sw: required access right not granted card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied card-etoken.c:175:etoken_check_sw: required ac...

...out there who can give me some informations about this issue?... Thanks, Elek J?zsef -----Original Message----- From: Elek J?zsef [mailto:elekj@ekg.gov.hu] Sent: Thursday, October 03, 2002 9:57 AM To: samba@lists.samba.org Cc: K-D Andr?si Istv?n Subject: Question regarding the possibility of W2K smartcard logon Hi! I could not find any documentation about the possibility of W2K smartcard-based logon using Samba as a PDC (no MS on the logon server side). Is it possible? If yes: Is it possible in case of MS CA only? Can I use any other (third party) CAs? Where can I find usable documentation for t...

Alon, On 12/18/2018 06:52 PM, Alon Bar-Lev wrote: > OK... So you have an issue... > > First, you need to delegate your smartcard to remote machine, probably > using unix socket redirection managed by openssh. This can be done in > many levels... > 1. Delegate USB device, this will enable only exclusive usage of the > smartcard by remote machine. > 2. Delegate PC/SC, this will enable sharing the reader between...

https://bugzilla.mindrot.org/show_bug.cgi?id=1512 Summary: Only a single smartcard/PIN is supported by the ssh-agent Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassi...

Hi, I have a smartcard which is revoked in the Certificate Revocation List (CRL) but I can still login. Seams like the CRL check is not performed. Any known bug around this? Server setup: - Samba 4.4 on Debian as AD DC - Created domain MYDOM - smb.conf (extract): tls enabled = yes tls crlfile = tls/mycrl.pem (de...

...sshd, without requiring any special pam module at the remote side. > > You can delegate your TGT using forwarded TGT into the remote machine > if you need to jump additional hope. > > In other words, kerberos is SSO technology, the PK is used at > authentication phase only and if smartcards are being used this phase > is performed on local machine, once TGT is available, the remaining of > the interaction is kerberos only. > > Regards, > Alon > > On Wed, Dec 19, 2018 at 1:10 AM mailto428496 <mailto628496 at cox.net> wrote: >> I know OpenSSH currently...

Hi. Is is possible to use GPG on the host instead of NSS with virtual smartcards? Please document how or add support for it. Can a virtual smartcard make the host less secure? If there are bugs in GPG/NSS backend on the host can they be abused by untrusted code in the vm?

I know OpenSSH currently supports PKCS11 devices (such as smartcards) for publickey authentication, but I would love to see PKCS11 extended further. It is currently possible to perform PKCS11 certificate authentication, via pam_krb5.so (on Linux at least and likely something similar on other *NIX) which allows smartcard auth to a Kerberos (including AD) server, wh...

Hello, Theo, Niels, Jim Rees and I have discussed about integration of smartcard to OpenSSH. Later I have found that OpenSSH has two versions - clean and portable. Now I am wondering which version we should start from. Any suggestions? Thanks. -- Concentration .. Naomaru Itoi

Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens that support ECDSA in the NIST p256 curve and ideally RSA...

Hello list! I am trying to get my chipdrive micro smartcard working with openssh. I read the README.smartcard, but i got stuck with sectok. It might be a little offtopic but i am totally stuck! After it compiled libsectok without the -Bforcearchive flag i tried to compile sectok: [root at box sectok-20020524]# make gcc -o sectok main.o cmds.o cyberflex.o...

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassigned-bugs at...

Are there any plans on the table to add native support for two-factor authentication, such as password *and* public key? Visa PCI standards require two-factor authentication for remote access and if password+key was available in openssh it would be much easier to maintain and support than a full-blown vpn with all the cross-platform compatibility issues that come with one. Thanks! Jacob

Hi, sorry, I'm not on the list, so please answer directly. I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6 with Gemplus 410 and 430 smartcard readers and Schlumberger cryptoflex smartcards. I used openssh-3.2.2p1 but the relevant file scard-opensc.c is unchanged in 3.4. RSA authentication to a remote host running opensshd did not work with the smartcard. Investigating the problem I found, that the signature is not ASN1 encoded, when u...

Thanks but I've actually tried that too. Not sure I put it in [kdc] section though, I can try again. Den 21 sep. 2017 20:54 skrev "Andrew Bartlett" <abartlet at samba.org>: > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote: > > Hi, > > I have a smartcard which is revoked in the Certificate Revocation List > > (CRL) but I can still login. Seams like the CRL check is not performed. > Any > > known bug around this? > > > > Server setup: > > - Samba 4.4 on Debian as AD DC > > - Created domain MYDOM > > - smb...

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard interface will enable many users to have more...

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available Url : http://lists.mindrot.o...