similar to: Using OpenSSH with smart cards HOWTO

Dear all, There were a lot of discussions about smartcards and tokens, and we would like to make a simple offer: donate to each OpenSSH developer an ePass2003. The ePass2003 relies on one single chip and the most advanced OpenSC token available to date. It is also the cheapest token of all times. Read a description here: http://www.gooze.eu/epass-2003 Documentation:

Hi, I have not found any way to use a Certificate with ssh-agent when my Key is stored on a pkcs11 device. I can add my key with ssh-add -s /usr/local/lib/opensc-pkcs11.so but ssh-add -s /usr/local/lib/opensc-pkcs11.so ~/.ssh/mykey-cert.pub does not add the certificate to my agent. As far as I undestand, in ssh-add.c line 580 if (pkcs11provider != NULL) { if (update_card(agent_fd,

https://bugzilla.mindrot.org/show_bug.cgi?id=2635 Bug ID: 2635 Summary: Unable to use SSH Agent and user level PKCS11Provider configuration directive Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5

[[Sending again, as for some strange reason it is not accepted]] Hello OpenSSH developers, I maintain external patch for PKCS#11 smartcard support into OpenSSH[1] , many users already apply and use this patch. I wish to know if anyone is interesting in working toward merging this into mainline. I had some discussion with Damien Miller, but then he disappeared. Having standard smartcard

https://bugzilla.mindrot.org/show_bug.cgi?id=1736 Summary: OpenSSH doesn't seem to work with my MuscleCard PKCS#11 library Product: Portable OpenSSH Version: 5.4p1 Platform: ix86 OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

Hi all, Thanks for all your hard work! I was particularly excited to see FIDO/U2F support in the latest release. I'd like to make the following bug report in ssh-agent's PKCS#11 support: Steps to reproduce: 1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key. 2. Add that key to ssh-agent. 3. Remove that key from ssh-agent. 4. Add that key to ssh-agent. Expected results:

On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote: > As a side note, OpenSC is looking at issues with using tokens vs > separate > readers and smart cards. The code paths in PKCS#11 differ. Removing a > card > from a reader leaves the pkcs#11 slot still available. Removing a > token (Yubikey) > removes both the reader and and its builtin smart card. Firefox has a >

Dear friends, We are aware that OpenSSH recently supports smart cards. FEITIAN and Gooze http://www.gooze.eu kindly offers 5 FEITIAN PKI smart cards to OpenSSH developers interested with smart card support. If you are interested, please apply here: http://www.gooze.eu/feitian-pki-free-software-developer-card The FEITIAN PKI card is completely compliant with GNU/Linux. Kind regards,

Hello, I'm writing from OpenSC project (OpenSSH used to include OpenSC support for smart cards, it has been removed now and PKCS#11 is used instead, whish is nice), we're planning to have a "Security / hardware crypto keys" themed devroom at FOSDEM next year. Are people on this list interested in participating, and trying to tackle the problem of "Why OpenSSH does not work

On Mon, 13 Aug 2018, Blumenthal, Uri - 0553 - MITLL wrote: > Lack of time on the Open Source projects is understandable, and not uncommon. > > However, PKCS11 has been in the codebase practically forever - the ECC > patches that I saw did not alter the API or such. It is especially > non-invasive when digital signature is concerned. > > Considering how long those patches have

http://bugzilla.mindrot.org/show_bug.cgi?id=1371 Summary: Add PKCS#11 (Smartcards) support into OpenSSH Product: Portable OpenSSH Version: 4.7p1 Platform: All URL: http://alon.barlev.googlepages.com/openssh-pkcs11 OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component:

https://bugzilla.mindrot.org/show_bug.cgi?id=2890 Bug ID: 2890 Summary: ssh-agent should not fail after removing and inserting smart card Product: Portable OpenSSH Version: 7.7p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component:

Hello everyone, as you could have noticed over the years, there are several bugs for PKCS#11 improvement and integration which are slipping under the radar for several releases, but the most painful ones are constantly updated by community to build, work and make our lives better. I wrote some of the patches, provided feedback to others, or offered other help here on mailing list, but did not

Dear friends, First, thanks for helping me on ssh default option for smartcards. I recompiled SSH from CVS and it seems to work. I still have problems with: ssh-add -s /usr/lib/opensc-pkcs11.so Enter passphrase for PKCS#11: (I enter PIN code) SSH_AGENT_FAILURE Could not add card: /usr/lib/opensc-pkcs11.so pkcs11-tool --slot 1 -O Public Key Object; RSA 2048 bits label: Public Key ID:

Hi, I'm looking for a version of the R-Project logo in SVG format. I've found the bitmapped versions, http://developer.r-project.org/Logo/ but would prefer a scalable version as it usually looks better when printed. Where may I find one? -Lars Lars Nooden (lars at umich.edu) On the Internet, nobody knows you're a dog ... ... until you start barking.

CentOS 7, In firefox -> privacy & security -> certificates -> security devices i am trying to load the pkcs11 modules, but get the error unable to load. I am following the directions at https://piv.idmanagement.gov/engineering/firefox/ I have installed opensc and openssl-pkcs11, which contains /usr/lib64/openssl/engines/pkcs11.so and am using that is the module Has anybody here

So, it *seems* to be working, pretty much. I needed to install opensc, openct pcsc-lite, pcsc-lite-openct, and ctapi-common will be installed as a dependency. I *removed* coolkey and esc, which depended on it. 100% of the time, they misidentifed the new/current US federal ID PIV-II cards as coolkey cards, and popped up this "phone home" window, then a "manage smartcards"

Engine keys are private key files which are only understood by openssl external engines. ?The problem is they can't be loaded with the usual openssl methods, they have to be loaded via ENGINE_load_private_key(). ?Because they're files, they fit well into openssh pub/private file structure, so they're not very appropriately handled by the pkcs11 interface because it assumes the private

On Wed, 5 Apr 2017, Jakub Jelen wrote: > Disabling SHA-1 for signatures sounds like a good idea these days (and was the > main reason why the extension created if I read it right [1]). > This leaves me confused if the use case without SHA1 was missed from the draft > or it was left as an implementation detail, that was not implemented in > OpenSSH. The reasons we didn't

I began playing with smartcard support and enabled this in openssh-3.5p1 on linux. The -U (upload) option unfortunately doesn't work yet with ssh-keygen: $ ssh-keygen -U 0 Enter file in which the key is (/home/user/.ssh/id_rsa): key uploading not yet supported Is there a tool to upload an openssh rsa key to a smart card so that I can use it with ssh -I later on? Should I just upload it as a