search for: smartcards

Hi all, I'm new to this mailing list, so I apologize if my question is "obsolete" for you. I'd like to know if anybody has a clear idea about how to connect smartcards to the SSH framework. I yet got a modified ssh-agent (by Stephen Pellicer) that uses SSP-Lite (CyberflexAccess driver by me) in order to use the smartcard instead of the HD files. Instead, I'd like to INTEGRATE that with the original, file-based, ssh environment. I'd like to know what do...

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the

...rity status not satisfied ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0) This is happen because openssh never prompt for the pin. If I use the openssh-agent and ssh-add everything works well. ssh-add -s 0 ssh localhost :) --> Have a lot of fun The question now: Does Smartcards only work, if I use the ssh-agent or should the "ssh -I 0:45 localhost" command also work???? Thanks for help Boris

Hi! Are there anyone out there who can give me some informations about this issue?... Thanks, Elek J?zsef -----Original Message----- From: Elek J?zsef [mailto:elekj@ekg.gov.hu] Sent: Thursday, October 03, 2002 9:57 AM To: samba@lists.samba.org Cc: K-D Andr?si Istv?n Subject: Question regarding the possibility of W2K smartcard logon Hi! I could not find any documentation about the

...could be a feature that a good number of people would like but just don't realize it ;) (not everyone realizes/considers that PKINIT is possible for smartcard auth, at least based on my observations). I could imagine this being of interest to anyone with a kerberos/AD infrastructure and using smartcards (which is probably a good number) and even if they are not using kerberos tickets for auth (not everyone is) but still have AD and want to better centralize control of SSH smartcard auth. > The problem is that non of these methods have a good solution... But > once you have done that, you ca...

...rtable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassigned-bugs at mindrot.org ReportedBy: dkg at fifthhorseman.net Many smartcards are capable of storing multiple PINs and multiple RSA keys. Some users may also have more than one smartcard in active use at a given time (though this seems less likely than 2 or more IDs on a card). The current smartcard implementation appears to be capable of dealing with only a single PIN on...

...er setup: - Samba 4.4 on Debian as AD DC - Created domain MYDOM - smb.conf (extract): tls enabled = yes tls crlfile = tls/mycrl.pem (default is to look under private/ folder) Client setup: - Windows 7 machine as client - Joined to the MYDOM domain - Login ok with both username/password and smartcards Smart card: - Principal name test123 at mydom.com (extended attribute) - Certificate with serial number 0x12ab CRL: - In file system: ..../private/tls/mycrl.pem - Contains serial number 0x12ab

...sshd, without requiring any special pam module at the remote side. > > You can delegate your TGT using forwarded TGT into the remote machine > if you need to jump additional hope. > > In other words, kerberos is SSO technology, the PK is used at > authentication phase only and if smartcards are being used this phase > is performed on local machine, once TGT is available, the remaining of > the interaction is kerberos only. > > Regards, > Alon > > On Wed, Dec 19, 2018 at 1:10 AM mailto428496 <mailto628496 at cox.net> wrote: >> I know OpenSSH currently s...

Hi. Is is possible to use GPG on the host instead of NSS with virtual smartcards? Please document how or add support for it. Can a virtual smartcard make the host less secure? If there are bugs in GPG/NSS backend on the host can they be abused by untrusted code in the vm?

I know OpenSSH currently supports PKCS11 devices (such as smartcards) for publickey authentication, but I would love to see PKCS11 extended further. It is currently possible to perform PKCS11 certificate authentication, via pam_krb5.so (on Linux at least and likely something similar on other *NIX) which allows smartcard auth to a Kerberos (including AD) server, whe...

Hello, Theo, Niels, Jim Rees and I have discussed about integration of smartcard to OpenSSH. Later I have found that OpenSSH has two versions - clean and portable. Now I am wondering which version we should start from. Any suggestions? Thanks. -- Concentration .. Naomaru Itoi

Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens

Hello list! I am trying to get my chipdrive micro smartcard working with openssh. I read the README.smartcard, but i got stuck with sectok. It might be a little offtopic but i am totally stuck! After it compiled libsectok without the -Bforcearchive flag i tried to compile sectok: [root at box sectok-20020524]# make gcc -o sectok main.o cmds.o cyberflex.o ../libsectok/libsectok.a -lcrypto cmds.o:

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Are there any plans on the table to add native support for two-factor authentication, such as password *and* public key? Visa PCI standards require two-factor authentication for remote access and if password+key was available in openssh it would be much easier to maintain and support than a full-blown vpn with all the cross-platform compatibility issues that come with one. Thanks! Jacob

Hi, sorry, I'm not on the list, so please answer directly. I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6 with Gemplus 410 and 430 smartcard readers and Schlumberger cryptoflex smartcards. I used openssh-3.2.2p1 but the relevant file scard-opensc.c is unchanged in 3.4. RSA authentication to a remote host running opensshd did not work with the smartcard. Investigating the problem I found, that the signature is not ASN1 encoded, when using smartcards. The following diff solves the...

Thanks but I've actually tried that too. Not sure I put it in [kdc] section though, I can try again. Den 21 sep. 2017 20:54 skrev "Andrew Bartlett" <abartlet at samba.org>: > On Thu, 2017-09-21 at 13:01 +0200, Peter L via samba wrote: > > Hi, > > I have a smartcard which is revoked in the Certificate Revocation List > > (CRL) but I can still login. Seams

...e discussion with Damien Miller, but then he disappeared. Having standard smartcard interface will enable many users to have more secure environment, without the need to acquire card of specific vendor. In order to merge it cleanly, we should also discuss a modification for the agent protocol. As smartcards are dynamic in nature, there should be an option for the agent to ask the caller to provide information, for example "Insert token <xxx>" or "Please enter passphrase for token <xxx>". Current implementation does not modify the agent protocol but execute dialog from w...

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 826 bytes Desc: not available Url : http://lists.mindrot.or...