Displaying 20 results from an estimated 1000 matches similar to: "Using OpenSSH with smart cards HOWTO"
2012 Jan 20
1
Donation of 10 ePass2003 to the OpenSSH project
Dear all,
There were a lot of discussions about smartcards and tokens, and we
would like to make a simple offer: donate to each OpenSSH developer an
ePass2003.
The ePass2003 relies on one single chip and the most advanced OpenSC
token available to date. It is also the cheapest token of all times.
Read a description here:
http://www.gooze.eu/epass-2003
Documentation:
2016 Dec 28
2
certificates keys on pkcs11 devices
Hi,
I have not found any way to use a Certificate with ssh-agent when my Key is
stored on a pkcs11 device. I can add my key with
ssh-add -s /usr/local/lib/opensc-pkcs11.so
but
ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub
does not add the certificate to my agent. As far as I undestand, in
ssh-add.c line 580
if (pkcs11provider != NULL) {
if (update_card(agent_fd,
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Bug ID: 2635
Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2007 Sep 25
9
OpenSSH PKCS#11merge
[[Sending again, as for some strange reason it is not accepted]]
Hello OpenSSH developers,
I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.
I wish to know if anyone is interesting in working toward merging this
into mainline.
I had some discussion with Damien Miller, but then he disappeared.
Having standard smartcard
2010 Mar 17
20
[Bug 1736] New: OpenSSH doesn't seem to work with my MuscleCard PKCS#11 library
https://bugzilla.mindrot.org/show_bug.cgi?id=1736
Summary: OpenSSH doesn't seem to work with my MuscleCard
PKCS#11 library
Product: Portable OpenSSH
Version: 5.4p1
Platform: ix86
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo:
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
Hi all,
Thanks for all your hard work! I was particularly excited to see
FIDO/U2F support in the latest release.
I'd like to make the following bug report in ssh-agent's PKCS#11 support:
Steps to reproduce:
1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote:
> As a side note, OpenSC is looking at issues with using tokens vs
> separate
> readers and smart cards. The code paths in PKCS#11 differ. Removing a
> card
> from a reader leaves the pkcs#11 slot still available. Removing a
> token (Yubikey)
> removes both the reader and and its builtin smart card. Firefox has a
>
2010 Mar 15
0
Donation of 5 FEITIAN PKI smart cards to OpenSSH project
Dear friends,
We are aware that OpenSSH recently supports smart cards.
FEITIAN and Gooze http://www.gooze.eu kindly offers 5 FEITIAN PKI smart
cards to OpenSSH developers interested with smart card support.
If you are interested, please apply here:
http://www.gooze.eu/feitian-pki-free-software-developer-card
The FEITIAN PKI card is completely compliant with GNU/Linux.
Kind regards,
2010 Sep 23
2
OpenSSH developers @ FOSDEM 2011
Hello,
I'm writing from OpenSC project (OpenSSH used to include OpenSC support for smart cards, it has been removed now and PKCS#11 is used instead, whish is nice), we're planning to have a "Security / hardware crypto keys" themed devroom at FOSDEM next year. Are people on this list interested in participating, and trying to tackle the problem of "Why OpenSSH does not work
2018 Aug 13
8
Why still no PKCS#11 ECC key support in OpenSSH ?
On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote:
> Lack of time on the Open Source projects is understandable, and not uncommon.
>
> However, PKCS11 has been in the codebase practically forever - the ECC
> patches that I saw did not alter the API or such. It is especially
> non-invasive when digital signature is concerned.
>
> Considering how long those patches have
2007 Sep 29
64
[Bug 1371] New: Add PKCS#11 (Smartcards) support into OpenSSH
http://bugzilla.mindrot.org/show_bug.cgi?id=1371
Summary: Add PKCS#11 (Smartcards) support into OpenSSH
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
URL: http://alon.barlev.googlepages.com/openssh-pkcs11
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component:
2018 Jul 31
11
[Bug 2890] New: ssh-agent should not fail after removing and inserting smart card
https://bugzilla.mindrot.org/show_bug.cgi?id=2890
Bug ID: 2890
Summary: ssh-agent should not fail after removing and inserting
smart card
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2018 Feb 26
3
Outstanding PKCS#11 issues
Hello everyone,
as you could have noticed over the years, there are several bugs for
PKCS#11 improvement and integration which are slipping under the radar
for several releases, but the most painful ones are constantly updated
by community to build, work and make our lives better.
I wrote some of the patches, provided feedback to others, or offered
other help here on mailing list, but did not
2010 Apr 08
1
ssh-add -s /usr/lib/opensc-pkcs11.so does not work
Dear friends,
First, thanks for helping me on ssh default option for smartcards. I
recompiled SSH from CVS and it seems to work.
I still have problems with:
ssh-add -s /usr/lib/opensc-pkcs11.so
Enter passphrase for PKCS#11: (I enter PIN code)
SSH_AGENT_FAILURE
Could not add card: /usr/lib/opensc-pkcs11.so
pkcs11-tool --slot 1 -O
Public Key Object; RSA 2048 bits
label: Public Key
ID:
2006 Aug 31
2
R-Project logo in SVG format
Hi,
I'm looking for a version of the R-Project logo in SVG format. I've found
the bitmapped versions,
http://developer.r-project.org/Logo/
but would prefer a scalable version as it usually looks better when
printed.
Where may I find one?
-Lars
Lars Nooden (lars at umich.edu)
On the Internet, nobody knows you're a dog ...
... until you start barking.
2020 Apr 02
2
firefox unable to load pkcs11 module
CentOS 7, In firefox -> privacy & security -> certificates -> security
devices
i am trying to load the pkcs11 modules, but get the error unable to load.
I am following the directions at
https://piv.idmanagement.gov/engineering/firefox/
I have installed opensc and openssl-pkcs11, which
contains /usr/lib64/openssl/engines/pkcs11.so
and am using that is the module
Has anybody here
2010 Dec 15
1
Smart cards, mostly solved
So, it *seems* to be working, pretty much. I needed to install
opensc, openct pcsc-lite, pcsc-lite-openct, and ctapi-common will be
installed as a dependency.
I *removed* coolkey and esc, which depended on it. 100% of the time, they
misidentifed the new/current US federal ID PIV-II cards as coolkey cards,
and popped up this "phone home" window, then a "manage smartcards"
2017 Oct 26
3
[RFC 0/2] add engine based keys
Engine keys are private key files which are only understood by openssl
external engines. ?The problem is they can't be loaded with the usual
openssl methods, they have to be loaded via ENGINE_load_private_key().
?Because they're files, they fit well into openssh pub/private file
structure, so they're not very appropriately handled by the pkcs11
interface because it assumes the private
2017 Apr 05
3
Allow SHA1 deprecation for rsa-sha
On Wed, 5 Apr 2017, Jakub Jelen wrote:
> Disabling SHA-1 for signatures sounds like a good idea these days (and was the
> main reason why the extension created if I read it right [1]).
> This leaves me confused if the use case without SHA1 was missed from the draft
> or it was left as an implementation detail, that was not implemented in
> OpenSSH.
The reasons we didn't
2002 Oct 17
2
playing with smartcard: rsa key upload?
I began playing with smartcard support and enabled this in openssh-3.5p1
on linux.
The -U (upload) option unfortunately doesn't work yet with ssh-keygen:
$ ssh-keygen -U 0
Enter file in which the key is (/home/user/.ssh/id_rsa):
key uploading not yet supported
Is there a tool to upload an openssh rsa key to a smart card so that I can
use it with ssh -I later on? Should I just upload it as a