similar to: Patch Openssh-5.2p1 for opensc PIN

Hi, sorry, I'm not on the list, so please answer directly. I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6 with Gemplus 410 and 430 smartcard readers and Schlumberger cryptoflex smartcards. I used openssh-3.2.2p1 but the relevant file scard-opensc.c is unchanged in 3.4. RSA authentication to a remote host running opensshd did not work with the smartcard. Investigating the problem

http://bugzilla.mindrot.org/show_bug.cgi?id=584 Summary: scard-opensc.c doesn't work without PIN Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy:

http://bugzilla.mindrot.org/show_bug.cgi?id=577 Summary: bug (wrong flag) in sc_private_decrypt (scard-opensc.c) Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org

http://bugzilla.mindrot.org/show_bug.cgi?id=621 Summary: scard-opensc.c: more than one private key object for a certificate Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

http://bugzilla.mindrot.org/show_bug.cgi?id=589 Summary: scard-opensc.c: load only those keys for which there's a private key Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard

https://bugzilla.mindrot.org/show_bug.cgi?id=1498 Summary: OpenSC smartcard access should use raw public keys, not X.509 certificates Classification: Unclassified Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Keywords: patch Severity: normal

Hi, I think there's a small bug in sc_private_decrypt in scard-opensc.c (see attached patch). The 'flags' parameter in the sc_pkcs15_decipher function call should be set to SC_ALGORITHM_RSA_PAD_PKCS1 and not to 0. If flags == 0 then sc_pkcs15_decipher uses RSA raw as a default method which has (at least) two drawbacks a) not all cards support RSA raw and b) sc_pkcs15_decipher does not

I'm attaching a patch to allow ssh client to get a pin from the command line when using a smartcard. Most of it is from a patch by Danny De Cock <godot () ulyssis ! org>, but I've used the ssh read_passphrase function instead. Any errors are mine, I'm sure. This enables ssh -I 0 to use a pin-protected smartcard via opensc. Thanks, Kevin Stefanik -------------- next part

Hello, PKCS#11 is a standard API interface that can be used in order to access cryptographic tokens. You can find the specification at http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most smartcard and other cryptographic device vendors support PKCS#11, opensc also provides PKCS#11 interface. I can easily make the scard.c, scard-opensc.c and ssh-agent.c support PKCS#11. PKCS#11 is

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not

http://bugzilla.mindrot.org/show_bug.cgi?id=591 Summary: use PKCS#15 private key label as a comment in case of OpenSC Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo:

Dear friends, First, thanks for helping me on ssh default option for smartcards. I recompiled SSH from CVS and it seems to work. I still have problems with: ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: (I enter PIN code) SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so pkcs11-tool --slot 1 -O Public Key Object; RSA 2048 bits label: Public Key ID:

http://bugzilla.mindrot.org/show_bug.cgi?id=1294 Summary: includes.h should pull in string.h based on HAVE_STRING_H Product: Portable OpenSSH Version: 4.6p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Build system AssignedTo: bitbucket

Moin, attached is a patch, which adds a new configuration option "PreferAskpass" to the ssh config. ssh{,-add,-keygen,-agent} will use ssh-askpass to prompt for passwords, if this option is set to "yes", and if ssh-askpass is available. Default for "PreferAskpass" is "no". Pacth is against current CVS. Sebastian -- signature intentionally left blank.

Hi All. While wandering in auth-pam.c I noticed that there's a few Portable-specific escapees from the xmalloc(foo * bar) cleanup. There's also a "probably can't happen" integer overflow in ssh-rand-helper.c with the memset: num_cmds = 64; - entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t)); + entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));

http://bugzilla.mindrot.org/show_bug.cgi?id=1160 Summary: OpenSSH should use libopensc.pc instead of opensc-config Product: Portable OpenSSH Version: 4.3p2 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo: bitbucket at mindrot.org

https://bugzilla.mindrot.org/show_bug.cgi?id=1751 Summary: ssh-add -s /usr/lib/opensc-pkcs11.so does not work Product: Portable OpenSSH Version: 5.4p1 Platform: amd64 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: unassigned-bugs at mindrot.org

Hi, the current CVS version (head) of OpenSSH doesn't build with OpenSC because the sc_get_key_label function is currently not defined in scard-opensc.c => please apply the scard-opensc.c part of patch #330 (see: http://bugzilla.mindrot.org/attachment.cgi?id=330&action=view ). Regards, Nils

https://bugzilla.mindrot.org/show_bug.cgi?id=1506 Summary: rationalize agent behavior on smartcard removal/reattachment Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote: > As a side note, OpenSC is looking at issues with using tokens vs > separate > readers and smart cards. The code paths in PKCS#11 differ. Removing a > card > from a reader leaves the pkcs#11 slot still available. Removing a > token (Yubikey) > removes both the reader and and its builtin smart card. Firefox has a >