similar to: [Bug 1736] New: OpenSSH doesn't seem to work with my MuscleCard PKCS#11 library

Hi all, a new OpenSSH-MCard package has been released, by integrating latest OpenSSH package for Linux (3.5p1) with latest PCSC-Lite / MuscleCard smart card middleware (v1.1.1), within the SmartSign project. It can be downloaded at the URL: http://smartsign.sourceforge.net Differences with previous release include: -) update to latest MuscleCard and Applet -) ability to use more keys onto a

Guys, I am not able to get it run. I can not say where is the problem but it seams that the openssh client is not able to get list of rsa key from token. See two logs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O" In the second log there is private_key visible or offered in the first one is not. I use openssh 6.4 version on Linux or Mac. Log from

Hi, OpenSSH 5.6 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a moderately large release, with a number of new features and bug fixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH

Dear friends, First, thanks for helping me on ssh default option for smartcards. I recompiled SSH from CVS and it seems to work. I still have problems with: ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: (I enter PIN code) SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so pkcs11-tool --slot 1 -O Public Key Object; RSA 2048 bits label: Public Key ID:

OpenSSH 5.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

OpenSSH 5.6 has just been released. It will be available from the mirrors listed at http://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol version 1.3, 1.5 and 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches,

Hi all, Thanks for all your hard work! I was particularly excited to see FIDO/U2F support in the latest release. I'd like to make the following bug report in ssh-agent's PKCS#11 support: Steps to reproduce: 1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key. 2. Add that key to ssh-agent. 3. Remove that key from ssh-agent. 4. Add that key to ssh-agent. Expected results:

https://bugzilla.mindrot.org/show_bug.cgi?id=3613 Bug ID: 3613 Summary: Unable to sign using certificates and PKCS#11 Product: Portable OpenSSH Version: 8.9p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-keygen Assignee:

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

https://bugzilla.mindrot.org/show_bug.cgi?id=1773 --- Comment #6 from Sergey Ivanov <evasive.gyron at gmail.com> --- Error is exactly as described by original author. ssh -A -I /usr/lib/libeToken.so -p example.net -vvv OpenSSH_7.1p1, OpenSSL 1.0.2d 9 Jul 2015 debug1: Reading configuration data /etc/ssh/ssh_config debug2: ssh_connect: needpriv 0 debug1: Connecting to example.com

It does, thanks. So if the password is known, or the KDC compromised, then in principle MITM becomes possible? On 2017-08-14 15:28, Andrew Bartlett wrote: > On Mon, 2017-08-14 at 06:45 -0400, Daniel Benoy via samba wrote: >> Is it perhaps using your password somehow? Like, if an attacker knew >> the >> password that the client is using to connect, would it then be able to

Hi, I am using ssh-keyscan with a list of hosts, such as: ssh-keyscan -t rsa -f hosts_for_keyscan Some of the hosts in the list have dsa, but no rsa keys. For such hosts, the command displays: no hostkey alg When this is the case for 2 hosts, this message appears twice AND SSH-KEYSCAN STOPS QUERYING, which means that no keys at all are returned for the following hosts. Here is the part of the

Hello all, It seems that RhostsAuthentication does not work on non-default port no matter what when connecting from OpenSSH (2.1.1, 2.2.0 tried) either with protocol 1 or protocol 2 (shouldn't work either..). _However_ when connecting with SSH.COM Ltd's ssh, RhostsAuthentication works just fine! Checking the port number of ssh client you can see that OpenSSH doesn't assign

https://bugzilla.mindrot.org/show_bug.cgi?id=2635 Bug ID: 2635 Summary: Unable to use SSH Agent and user level PKCS11Provider configuration directive Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

Damien, I was going down the path of public key authentication when I encountered problems. I've been discussing it off-line using the simple example of creating a key pair with no passphrase for an account on "myserver", then trying to connect to myserver using the "ssh -i id_dsa myserver" command. It's not working, so we're debugging now (see below). If you

I'm interested in using SMB encryption to connect over untrusted networks. I see that I can enable it in samba with 'smb encrypt = ...' which is great, and I'm seeing posts from Microsoft (like this one: https://technet.microsoft.com/en-us/library/dn551363(v=ws.11).aspx) bragging about how it can detect man-in-the-middle attacks. Can anyone point me at the basic details of how

Hi all, a modified version of the OpenSSH client programs has been released on the Smart Sign Web Site http://smartsign.sourceforge.net that uses Muscle Card Edge technology. It directly generates an OpenSSH private key on to a JavaCard 2.1.1 compliant smart card (using CardEdge key generation facility) and uses it from the card itself. Private key can never get compromised after generation !

Hi, I am using Van Dyke SecureCRT 3.2.1 to access an AIX server running OpenSSH-2.5.0p1. Using ssh1 with X11 forwarding enabled, the server reports the following error (in the client session): Packet integrity error. (34) This problem was not evident in 2.3.0p1. Running sshd in debug gives the output: debug1: sshd version OpenSSH_2.5.1p1 debug1: load_private_key_autodetect: type 0 RSA1

Hi, I just did a cvs update on my copy of the openssh stuff here to be sure that this bug is still existing. If I connect to a host running 2.3.0p1 and use protocol version 2 ssh fails. Here's the excerpt from the debug log. I would appreciate if someone could fix this, so that I can use protocol version 2 again: |debug1: GOT SSH2_MSG_NEWKEYS. |debug1: send SSH2_MSG_NEWKEYS. |debug1: done:

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: