similar to: smartcard integration - clean or portable?

I began playing with smartcard support and enabled this in openssh-3.5p1 on linux. The -U (upload) option unfortunately doesn't work yet with ssh-keygen: $ ssh-keygen -U 0 Enter file in which the key is (/home/user/.ssh/id_rsa): key uploading not yet supported Is there a tool to upload an openssh rsa key to a smart card so that I can use it with ssh -I later on? Should I just upload it as a

Hi, I am not sure if this the right place for the question. Sorry if not ... My System: SuSE 9.2 OpenSSH 3.9p1 I have trouble to use a Smartcard with openssh. If i try to connect directly to the Smartcard, it fails: ssh -I 0:45 localhost card-etoken.c:175:etoken_check_sw: required access right not granted card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied

On 06.01.2010, at 5:46, openssh-unix-dev-request at mindrot.org wrote: > OpenSSH daemon security bug? If you find find passwords and/or password protected keys not secure I would suggest using private keys on a smart card. There's a bug(with patches) related to smart cards: https://bugzilla.mindrot.org/show_bug.cgi?id=1371 I don't think that guessing about the protection of the

Hi! Are there anyone out there who can give me some informations about this issue?... Thanks, Elek J?zsef -----Original Message----- From: Elek J?zsef [mailto:elekj@ekg.gov.hu] Sent: Thursday, October 03, 2002 9:57 AM To: samba@lists.samba.org Cc: K-D Andr?si Istv?n Subject: Question regarding the possibility of W2K smartcard logon Hi! I could not find any documentation about the

Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens

Hi. Is is possible to use GPG on the host instead of NSS with virtual smartcards? Please document how or add support for it. Can a virtual smartcard make the host less secure? If there are bugs in GPG/NSS backend on the host can they be abused by untrusted code in the vm?

Hello list! I am trying to get my chipdrive micro smartcard working with openssh. I read the README.smartcard, but i got stuck with sectok. It might be a little offtopic but i am totally stuck! After it compiled libsectok without the -Bforcearchive flag i tried to compile sectok: [root at box sectok-20020524]# make gcc -o sectok main.o cmds.o cyberflex.o ../libsectok/libsectok.a -lcrypto cmds.o:

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not

Hi, I have two questions. First, I'd like to compare a ZINB model to a negativ binomial model with the Vuong test, but I can't find how to performe it from the zicount package. Does a programm exist to do it ? Second, I'd like to know in which cases we have to use a double hurdle model instead of a zero inflated model. Many thanks, St??phanie Payet REES France R??seau

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Hmmm... You guys aware of this project to incorporate Smart Cards into ssh-agent? I remember hearing about some stuff for OpenSSL, but I don't recall hearing about this on the OpenSSH list or on the Muscle list. This would be a really nice thing... :-) Mike -- Michael H. Warfield | (770) 985-6132 | mhw at WittsEnd.com (The Mad Wizard) | (678) 463-0932 |

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the

Hi all, and thanks for everyone's work on the 4.0 release! There's been recent discussion on the OpenSC mailing list about getting better/updated smartcard support into OpenSSH. Originating from an OpenSSH package maintainer's desire to keep dependencies to a minimum, the idea to load OpenSC dynamically popped up. Now the question is whether this is an approach that would be favored

On 20/07/2023 09:37, Hans Schulze via samba wrote: > I found an old bugzilla report for this behavior: > > https://bugzilla.samba.org/show_bug.cgi?id=9612 > > According to the statements in it, there was a patch already in version > 4.16 and in heimdal 8 last year? Which option must be in the krb5.conf? Sorry, but I read it slightly differently, there was a patch available,

Some smartcard readers have keypad to enter the PIN securely (i.e. such that it cannot be intercepted by a rogue (ssh) binary. PKCS#11 allows for enforcing this in hardware. Below patch allows for SSH to make use of this; against head/master as of today. Dw. commit 7f0250a8ae6c639a19d4e1e24fc112d5e2e1249a Author: Dirk-Willem van Gulik <dirkx at webweaving.org> Date: Tue Mar 17

Confusing. Github says that is open. Ok. My mistake. The question remains why the Windows clients allow login for an expired certificate despite a correctly loaded CRL. What is the purpose of specifying the CRL in smb.conf? It seems to me that the smartcard login is not really reliable. Then my users still have to log in with password. For now, as long as 4.19 is not yet released. Hans

Unfortunately this does not work. Example: Yes, when i give it a few Days, the client will retrieve the actual crl faster. But the auth still works. I have tried it. I revoked an cert. Installed a new win10 client and joined the domain. After login with the revoked p12 cert on a yubikey, i can see he queries the CDP and still allows the login. With certutil and a cert in DER format, i tried

Hi all, I'm new to this mailing list, so I apologize if my question is "obsolete" for you. I'd like to know if anybody has a clear idea about how to connect smartcards to the SSH framework. I yet got a modified ssh-agent (by Stephen Pellicer) that uses SSP-Lite (CyberflexAccess driver by me) in order to use the smartcard instead of the HD files. Instead, I'd like to

Hi, I have a smartcard which is revoked in the Certificate Revocation List (CRL) but I can still login. Seams like the CRL check is not performed. Any known bug around this? Server setup: - Samba 4.4 on Debian as AD DC - Created domain MYDOM - smb.conf (extract): tls enabled = yes tls crlfile = tls/mycrl.pem (default is to look under private/ folder) Client setup: - Windows 7 machine as