similar to: Dynamic smartcard support?

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not

https://bugzilla.mindrot.org/show_bug.cgi?id=1498 Summary: OpenSC smartcard access should use raw public keys, not X.509 certificates Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Keywords: patch Severity: normal

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Hi, sorry, I'm not on the list, so please answer directly. I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6 with Gemplus 410 and 430 smartcard readers and Schlumberger cryptoflex smartcards. I used openssh-3.2.2p1 but the relevant file scard-opensc.c is unchanged in 3.4. RSA authentication to a remote host running opensshd did not work with the smartcard. Investigating the problem

Hi all, Thanks for all your hard work! I was particularly excited to see FIDO/U2F support in the latest release. I'd like to make the following bug report in ssh-agent's PKCS#11 support: Steps to reproduce: 1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key. 2. Add that key to ssh-agent. 3. Remove that key from ssh-agent. 4. Add that key to ssh-agent. Expected results:

Hi, I am not sure if this the right place for the question. Sorry if not ... My System: SuSE 9.2 OpenSSH 3.9p1 I have trouble to use a Smartcard with openssh. If i try to connect directly to the Smartcard, it fails: ssh -I 0:45 localhost card-etoken.c:175:etoken_check_sw: required access right not granted card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied

https://bugzilla.mindrot.org/show_bug.cgi?id=2682 Bug ID: 2682 Summary: ssh-agent is unable to remove smartcard after introducing whitelist Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement Priority:

I began playing with smartcard support and enabled this in openssh-3.5p1 on linux. The -U (upload) option unfortunately doesn't work yet with ssh-keygen: $ ssh-keygen -U 0 Enter file in which the key is (/home/user/.ssh/id_rsa): key uploading not yet supported Is there a tool to upload an openssh rsa key to a smart card so that I can use it with ssh -I later on? Should I just upload it as a

Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11 is

On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote: > As a side note, OpenSC is looking at issues with using tokens vs > separate > readers and smart cards. The code paths in PKCS#11 differ. Removing a > card > from a reader leaves the pkcs#11 slot still available. Removing a > token (Yubikey) > removes both the reader and and its builtin smart card. Firefox has a >

Hi, from ChangeLog: 20030609 - (djm) Sync README.smartcard with OpenBSD -current My I ask why the OpenSC section has been removed ? Note: OpenSSH + OpenSC works for me (at least with a recent OpenSC snapshot). Regards, Nils

I'm attaching a patch to allow ssh client to get a pin from the command line when using a smartcard. Most of it is from a patch by Danny De Cock <godot () ulyssis ! org>, but I've used the ssh read_passphrase function instead. Any errors are mine, I'm sure. This enables ssh -I 0 to use a pin-protected smartcard via opensc. Thanks, Kevin Stefanik -------------- next part

http://bugzilla.mindrot.org/show_bug.cgi?id=577 Summary: bug (wrong flag) in sc_private_decrypt (scard-opensc.c) Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org

does anyone know if any repositories have OpenSC built for EL4 ? I've been struggling with building this myself, trying to get an Aladdin eToken working with OpenSSL so we can use it for client authentication of an SSL session.

On 06.01.2010, at 5:46, openssh-unix-dev-request at mindrot.org wrote: > OpenSSH daemon security bug? If you find find passwords and/or password protected keys not secure I would suggest using private keys on a smart card. There's a bug(with patches) related to smart cards: https://bugzilla.mindrot.org/show_bug.cgi?id=1371 I don't think that guessing about the protection of the

http://bugzilla.mindrot.org/show_bug.cgi?id=591 Summary: use PKCS#15 private key label as a comment in case of OpenSC Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo:

Hi folks, I've ran into an interesting issue when I was trying to set up Winbind client to use smart card for authentication. >From what I was able to gather, Winbind doesn't support smart card auth. To my surprise, I was able to authenticate without pam_pkcs11 or pam_krb5 in my PAM stack, using only pam_winbind, after I've added config like this into /etc/krb5.conf: ```

So, it *seems* to be working, pretty much. I needed to install opensc, openct pcsc-lite, pcsc-lite-openct, and ctapi-common will be installed as a dependency. I *removed* coolkey and esc, which depended on it. 100% of the time, they misidentifed the new/current US federal ID PIV-II cards as coolkey cards, and popped up this "phone home" window, then a "manage smartcards"