Displaying 20 results from an estimated 357 matches for "smartcards".
Did you mean:
smartcard
2000 Oct 17
5
Smartcards & SSH
Hi all,
I'm new to this mailing list, so I apologize if my question
is "obsolete" for you.
I'd like to know if anybody has a clear idea about
how to connect smartcards to the SSH framework.
I yet got a modified ssh-agent (by Stephen Pellicer)
that uses SSP-Lite (CyberflexAccess driver by me)
in order to use the smartcard instead of the HD files.
Instead, I'd like to INTEGRATE that with the
original, file-based, ssh environment.
I'd like to know what do...
2001 Aug 23
1
Example SmartCard enabled OpenSSH agent.
Hi all,
as an example of SSP-Lite middleware, I modified the
OpenSSH-2.9p2 sources to support Smart Cards.
The new module is just an experiment. It uses an
OpenSSL's new RSA method I built to communicate
with the smartcard through the SSP/PCSC stack
when normal OpenSSL RSA operations are invoked
by OpenSSH.
I couldn't embed the module as I wanted into the OpenSSH
sources because of the
2001 Aug 23
1
Example SmartCard enabled OpenSSH agent.
Hi all,
as an example of SSP-Lite middleware, I modified the
OpenSSH-2.9p2 sources to support Smart Cards.
The new module is just an experiment. It uses an
OpenSSL's new RSA method I built to communicate
with the smartcard through the SSP/PCSC stack
when normal OpenSSL RSA operations are invoked
by OpenSSH.
I couldn't embed the module as I wanted into the OpenSSH
sources because of the
2005 Apr 02
3
OpenSSH and Smartcard
...rity status not satisfied
ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0)
This is happen because openssh never prompt for the pin.
If I use the openssh-agent and ssh-add everything works well.
ssh-add -s 0
ssh localhost
:) --> Have a lot of fun
The question now:
Does Smartcards only work, if I use the ssh-agent or should the "ssh -I
0:45 localhost" command also work????
Thanks for help
Boris
2002 Oct 04
1
Question regarding the possibility of W2K smartcard logon - 2nd post
Hi!
Are there anyone out there who can give me some informations about this
issue?...
Thanks,
Elek J?zsef
-----Original Message-----
From: Elek J?zsef [mailto:elekj@ekg.gov.hu]
Sent: Thursday, October 03, 2002 9:57 AM
To: samba@lists.samba.org
Cc: K-D Andr?si Istv?n
Subject: Question regarding the possibility of W2K smartcard logon
Hi!
I could not find any documentation about the
2018 Dec 19
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
...could be a
feature that a good number of people would like but just don't realize
it ;) (not everyone realizes/considers that PKINIT is possible for
smartcard auth, at least based on my observations). I could imagine
this being of interest to anyone with a kerberos/AD infrastructure and
using smartcards (which is probably a good number) and even if they are
not using kerberos tickets for auth (not everyone is) but still have AD
and want to better centralize control of SSH smartcard auth.
> The problem is that non of these methods have a good solution... But
> once you have done that, you ca...
2008 Aug 21
2
[Bug 1512] New: Only a single smartcard/PIN is supported by the ssh-agent
...rtable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo: unassigned-bugs at mindrot.org
ReportedBy: dkg at fifthhorseman.net
Many smartcards are capable of storing multiple PINs and multiple RSA
keys. Some users may also have more than one smartcard in active use
at a given time (though this seems less likely than 2 or more IDs on a
card).
The current smartcard implementation appears to be capable of dealing
with only a single PIN on...
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
...er setup:
- Samba 4.4 on Debian as AD DC
- Created domain MYDOM
- smb.conf (extract):
tls enabled = yes
tls crlfile = tls/mycrl.pem (default is to look under private/ folder)
Client setup:
- Windows 7 machine as client
- Joined to the MYDOM domain
- Login ok with both username/password and smartcards
Smart card:
- Principal name test123 at mydom.com (extended attribute)
- Certificate with serial number 0x12ab
CRL:
- In file system: ..../private/tls/mycrl.pem
- Contains serial number 0x12ab
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
...sshd, without requiring any special pam module at the remote side.
>
> You can delegate your TGT using forwarded TGT into the remote machine
> if you need to jump additional hope.
>
> In other words, kerberos is SSO technology, the PK is used at
> authentication phase only and if smartcards are being used this phase
> is performed on local machine, once TGT is available, the remaining of
> the interaction is kerberos only.
>
> Regards,
> Alon
>
> On Wed, Dec 19, 2018 at 1:10 AM mailto428496 <mailto628496 at cox.net> wrote:
>> I know OpenSSH currently s...
2015 Apr 29
1
Virtual Smartcard GPG
Hi. Is is possible to use GPG on the host instead of NSS with virtual
smartcards? Please document how or add support for it.
Can a virtual smartcard make the host less secure? If there are bugs in
GPG/NSS backend on the host can they be abused by untrusted code in the
vm?
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
I know OpenSSH currently supports PKCS11 devices (such as smartcards)
for publickey authentication, but I would love to see PKCS11 extended
further. It is currently possible to perform PKCS11 certificate
authentication, via pam_krb5.so (on Linux at least and likely something
similar on other *NIX) which allows smartcard auth to a Kerberos
(including AD) server, whe...
2000 Aug 19
2
smartcard integration - clean or portable?
Hello,
Theo, Niels, Jim Rees and I have discussed about integration of
smartcard to OpenSSH. Later I have found that OpenSSH has two
versions - clean and portable. Now I am wondering which version we
should start from. Any suggestions?
Thanks.
--
Concentration .. Naomaru Itoi
2014 Jan 31
1
Wanted: smartcard with ECDSA support
Hi,
I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA
keys, but have so far been unable to find anyone who can sell me
a smartcard that supports it.
They certainly exist - AFAIK it's required by the US PIV standard,
but obtaining cards that support it in single digit quantities
seems all but impossible.
Can anybody on this list help? I'd want 2-6 cards/tokens
2003 Aug 21
1
Smartcard: sectok compiler error
Hello list!
I am trying to get my chipdrive micro smartcard working with openssh.
I read the README.smartcard, but i got stuck with sectok.
It might be a little offtopic but i am totally stuck!
After it compiled libsectok without the -Bforcearchive flag i tried to
compile sectok:
[root at box sectok-20020524]# make
gcc -o sectok main.o cmds.o cyberflex.o ../libsectok/libsectok.a -lcrypto
cmds.o:
2008 Aug 16
21
[Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
https://bugzilla.mindrot.org/show_bug.cgi?id=1506
Summary: rationalize agent behavior on smartcard
removal/reattachment
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo:
2006 Jul 22
6
two factor authentication
Are there any plans on the table to add native support for two-factor
authentication, such as password *and* public key?
Visa PCI standards require two-factor authentication for remote access
and if password+key was available in openssh it would be much easier
to maintain and support than a full-blown vpn with all the
cross-platform compatibility issues that come with one.
Thanks!
Jacob
2002 Jul 20
0
opensc smartcard support does not work
Hi,
sorry, I'm not on the list, so please answer directly.
I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6
with Gemplus 410 and 430 smartcard readers and Schlumberger
cryptoflex smartcards.
I used openssh-3.2.2p1 but the relevant file scard-opensc.c
is unchanged in 3.4.
RSA authentication to a remote host running opensshd
did not work with the smartcard.
Investigating the problem I found, that the signature is
not ASN1 encoded, when using smartcards. The following
diff solves the...
2017 Sep 21
2
Revocation with CRL doesn't work for smartcards
Thanks but I've actually tried that too. Not sure I put it in [kdc] section
though, I can try again.
Den 21 sep. 2017 20:54 skrev "Andrew Bartlett" <abartlet at samba.org>:
> On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote:
> > Hi,
> > I have a smartcard which is revoked in the Certificate Revocation List
> > (CRL) but I can still login. Seams
2007 Sep 25
9
OpenSSH PKCS#11merge
...e discussion with Damien Miller, but then he disappeared.
Having standard smartcard interface will enable many users to have
more secure environment, without the need to acquire card of specific
vendor.
In order to merge it cleanly, we should also discuss a modification
for the agent protocol. As smartcards are dynamic in nature, there
should be an option for the agent to ask the caller to provide
information, for example "Insert token <xxx>" or "Please enter
passphrase for token <xxx>". Current implementation does not modify
the agent protocol but execute dialog from w...
2008 Jun 20
2
OpenSC smartcard access should use raw public keys, not X.509 certificates
A non-text attachment was scrubbed...
Name: use-public-keys-instead-of-certs-with-opensc.patch
Type: text/x-diff
Size: 5512 bytes
Desc: enable the use of raw public keys on OpenSC-supported
smartcards
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 826 bytes
Desc: not available
Url : http://lists.mindrot.or...