Displaying 20 results from an estimated 1000 matches similar to: "playing with smartcard: rsa key upload?"
2005 Apr 02
3
OpenSSH and Smartcard
Hi,
I am not sure if this the right place for the question. Sorry if not ...
My System:
SuSE 9.2
OpenSSH 3.9p1
I have trouble to use a Smartcard with openssh. If i try to connect
directly to the Smartcard, it fails:
ssh -I 0:45 localhost
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status
not satisfied
2003 Aug 21
1
Smartcard: sectok compiler error
Hello list!
I am trying to get my chipdrive micro smartcard working with openssh.
I read the README.smartcard, but i got stuck with sectok.
It might be a little offtopic but i am totally stuck!
After it compiled libsectok without the -Bforcearchive flag i tried to
compile sectok:
[root at box sectok-20020524]# make
gcc -o sectok main.o cmds.o cyberflex.o ../libsectok/libsectok.a -lcrypto
cmds.o:
2007 Nov 12
7
[Bug 1391] New: Problem compiling openssh 4.7p1
https://bugzilla.mindrot.org/show_bug.cgi?id=1391
Summary: Problem compiling openssh 4.7p1
Classification: Unclassified
Product: Portable OpenSSH
Version: 4.7p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Build system
AssignedTo: bitbucket at
2005 Nov 01
3
PKCS#11 support for openssh
Hello OpenSSH developers,
A week ago I've posted a patch that enables openssh to work
with PKCS#11 tokens.
I didn't receive any comments regarding the patch or reply
to my questions.
In current software world, providing a security product that
does not support standard interface for external
cryptographic hardware makes the product obsolete.
Please comment my patch, so I can know
2004 Sep 02
1
contribution - pkcs11 smart card support
Hello,
I have just finished development of PKCS#11 smartcard support into OpenSSH.
It is based on existing approach implemented in sectok and OpenSC support.
It means it supports private key stored on PKCS#11 device.
I have developed it on Linux platform and tested on Windows using Cygwin and
after some minor code cealn-up I'm ready to post a patch.
Are you (especially maintaners)
2005 Mar 11
2
Dynamic smartcard support?
Hi all, and thanks for everyone's work on the 4.0 release!
There's been recent discussion on the OpenSC mailing list about
getting better/updated smartcard support into OpenSSH.
Originating from an OpenSSH package maintainer's desire to keep
dependencies to a minimum, the idea to load OpenSC dynamically
popped up. Now the question is whether this is an approach that
would be favored
2002 Jul 20
0
opensc smartcard support does not work
Hi,
sorry, I'm not on the list, so please answer directly.
I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6
with Gemplus 410 and 430 smartcard readers and Schlumberger
cryptoflex smartcards.
I used openssh-3.2.2p1 but the relevant file scard-opensc.c
is unchanged in 3.4.
RSA authentication to a remote host running opensshd
did not work with the smartcard.
Investigating the problem
2014 Jan 31
1
Wanted: smartcard with ECDSA support
Hi,
I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA
keys, but have so far been unable to find anyone who can sell me
a smartcard that supports it.
They certainly exist - AFAIK it's required by the US PIV standard,
but obtaining cards that support it in single digit quantities
seems all but impossible.
Can anybody on this list help? I'd want 2-6 cards/tokens
2008 Jul 31
5
[Bug 1498] New: OpenSC smartcard access should use raw public keys, not X.509 certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=1498
Summary: OpenSC smartcard access should use raw public keys,
not X.509 certificates
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
2017 Apr 05
3
Allow SHA1 deprecation for rsa-sha
On Wed, 5 Apr 2017, Jakub Jelen wrote:
> Disabling SHA-1 for signatures sounds like a good idea these days (and was the
> main reason why the extension created if I read it right [1]).
> This leaves me confused if the use case without SHA1 was missed from the draft
> or it was left as an implementation detail, that was not implemented in
> OpenSSH.
The reasons we didn't
2008 Aug 16
21
[Bug 1506] New: rationalize agent behavior on smartcard removal/reattachment
https://bugzilla.mindrot.org/show_bug.cgi?id=1506
Summary: rationalize agent behavior on smartcard
removal/reattachment
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo:
2008 Jun 20
2
OpenSC smartcard access should use raw public keys, not X.509 certificates
A non-text attachment was scrubbed...
Name: use-public-keys-instead-of-certs-with-opensc.patch
Type: text/x-diff
Size: 5512 bytes
Desc: enable the use of raw public keys on OpenSC-supported
smartcards
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not
2003 Aug 21
0
OT: smartcard sectok - 0608 error loading driver
Hello!
I know this is a bit off topic but its hard to get some help in this case.
the driver for my Towitoko Chipdrive USB works:
Aug 21 12:33:12 idefix pcscd: eventhandler.c:380 EHSpawnEventHandler: Card
Removed From Towitoko Chipdrive USB 0 0
Aug 21 12:33:16 idefix pcscd: eventhandler.c:468 EHSpawnEventHandler: Card
inserted into Towitoko Chipdrive USB 0 0
Aug 21 12:33:16 idefix pcscd:
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
Hi all,
Thanks for all your hard work! I was particularly excited to see
FIDO/U2F support in the latest release.
I'd like to make the following bug report in ssh-agent's PKCS#11 support:
Steps to reproduce:
1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
2007 Mar 01
11
Call for release testing.
Hi All.
We are planning on doing one of our regular OpenSSH releases (4.6/4.6p1)
some time next week. This is a mostly a bugfix release, but there is
one new feature:
sshd now allows the enabling and disabling of authentication methods on
a per user, group, host and network basis via the Match directive in
sshd_config.
The bugs fixed are:
#52 ssh hangs on exit.
#1252 sftp returns 0 when
2010 Sep 23
2
OpenSSH developers @ FOSDEM 2011
Hello,
I'm writing from OpenSC project (OpenSSH used to include OpenSC support for smart cards, it has been removed now and PKCS#11 is used instead, whish is nice), we're planning to have a "Security / hardware crypto keys" themed devroom at FOSDEM next year. Are people on this list interested in participating, and trying to tackle the problem of "Why OpenSSH does not work
2010 Apr 06
3
Using OpenSSH with smart cards HOWTO
On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote:
> You might wish to focus on sftp instead of scp.
Okay, I will have a look.
I had some problems:
1) I would like to store smart card information
-o PKCS11Provider=/usr/lib/opensc-pkcs11.so
in /etc/ssh/ssh-config. Is it possible?
2) ssh-add -s does not seem to work.
Read:
2012 Mar 20
2
2.1.2 (pop3|imap)-login crash
Hi Timo, hi all,
after upgrading my server (both backends and load balancer) to 2.1.2
(from 2.0.17), I'm getting a log of login processes crashed in load
balancer.
Log lines are like:
Mar 20 10:05:45 mailgw-lb dovecot: pop3-login: Fatal: master:
service(pop3-login): child 27764 killed with signal 11 (core dumps disabled)
Mar 20 10:06:17 mailgw-lb dovecot: imap-login: Fatal: master:
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Bug ID: 2635
Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2017 Jun 23
5
OpenSSL 1.1 support status : what next?
OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
a shim for OpenSSL-1.1, the OpenSC code has been converted to
the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and
macros was written to support older versions of OpenSSL and Libressl.
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h
The nice part of this approach is