Displaying 20 results from an estimated 800 matches similar to: "OpenSSH developers @ FOSDEM 2011"
2012 Jan 20
1
Donation of 10 ePass2003 to the OpenSSH project
Dear all,
There were a lot of discussions about smartcards and tokens, and we
would like to make a simple offer: donate to each OpenSSH developer an
ePass2003.
The ePass2003 relies on one single chip and the most advanced OpenSC
token available to date. It is also the cheapest token of all times.
Read a description here:
http://www.gooze.eu/epass-2003
Documentation:
2010 Apr 06
3
Using OpenSSH with smart cards HOWTO
On Tue, 2010-04-06 at 15:52 +0300, Lars Nooden wrote:
> You might wish to focus on sftp instead of scp.
Okay, I will have a look.
I had some problems:
1) I would like to store smart card information
-o PKCS11Provider=/usr/lib/opensc-pkcs11.so
in /etc/ssh/ssh-config. Is it possible?
2) ssh-add -s does not seem to work.
Read:
2009 Nov 20
8
[Bug 1160] OpenSSH should use libopensc.pc instead of opensc-config
https://bugzilla.mindrot.org/show_bug.cgi?id=1160
--- Comment #1 from Darren Tucker <dtucker at zip.com.au> 2009-11-20 21:18:50 EST ---
Created an attachment (id=1727)
--> (https://bugzilla.mindrot.org/attachment.cgi?id=1727)
/home/dtucker/openssh/pending/openssh-opensc-configure.patch
Use pkg-config for opensc if available.
--
Configure bugmail:
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
Hi all,
Thanks for all your hard work! I was particularly excited to see
FIDO/U2F support in the latest release.
I'd like to make the following bug report in ssh-agent's PKCS#11 support:
Steps to reproduce:
1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
2016 Oct 27
11
[Bug 2635] New: Unable to use SSH Agent and user level PKCS11Provider configuration directive
https://bugzilla.mindrot.org/show_bug.cgi?id=2635
Bug ID: 2635
Summary: Unable to use SSH Agent and user level PKCS11Provider
configuration directive
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: normal
Priority: P5
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote:
> As a side note, OpenSC is looking at issues with using tokens vs
> separate
> readers and smart cards. The code paths in PKCS#11 differ. Removing a
> card
> from a reader leaves the pkcs#11 slot still available. Removing a
> token (Yubikey)
> removes both the reader and and its builtin smart card. Firefox has a
>
2017 Jun 24
2
OpenSSL 1.1 support status : what next?
On 6/24/2017 11:35 AM, Emmanuel Deloget wrote:
> Hello Douglas,
>
> On Fri, Jun 23, 2017 at 9:16 PM, Douglas E Engert <deengert at gmail.com <mailto:deengert at gmail.com>> wrote:
> > OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
> > a shim for OpenSSL-1.1, the OpenSC code has been converted to
> > the OpenSSL-1.1 API and a
2005 Oct 05
2
ssh-agent add PKCS#11 support
Hello,
PKCS#11 is a standard API interface that can be used in
order to access cryptographic tokens. You can find the
specification at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most
smartcard and other cryptographic device vendors support
PKCS#11, opensc also provides PKCS#11 interface.
I can easily make the scard.c, scard-opensc.c and
ssh-agent.c support PKCS#11.
PKCS#11 is
2010 Dec 15
1
Smart cards, mostly solved
So, it *seems* to be working, pretty much. I needed to install
opensc, openct pcsc-lite, pcsc-lite-openct, and ctapi-common will be
installed as a dependency.
I *removed* coolkey and esc, which depended on it. 100% of the time, they
misidentifed the new/current US federal ID PIV-II cards as coolkey cards,
and popped up this "phone home" window, then a "manage smartcards"
2003 May 27
3
[Bug 577] bug (wrong flag) in sc_private_decrypt (scard-opensc.c)
http://bugzilla.mindrot.org/show_bug.cgi?id=577
Summary: bug (wrong flag) in sc_private_decrypt (scard-opensc.c)
Product: Portable OpenSSH
Version: -current
Platform: All
OS/Version: Linux
Status: NEW
Severity: normal
Priority: P2
Component: Smartcard
AssignedTo: openssh-bugs at mindrot.org
2005 Mar 11
2
Dynamic smartcard support?
Hi all, and thanks for everyone's work on the 4.0 release!
There's been recent discussion on the OpenSC mailing list about
getting better/updated smartcard support into OpenSSH.
Originating from an OpenSSH package maintainer's desire to keep
dependencies to a minimum, the idea to load OpenSC dynamically
popped up. Now the question is whether this is an approach that
would be favored
2017 Jun 23
5
OpenSSL 1.1 support status : what next?
OpenSC has taken a different approach to OpenSSL-1.1. Rather then writing
a shim for OpenSSL-1.1, the OpenSC code has been converted to
the OpenSSL-1.1 API and a sc-ossl-compat.h" file consisting of defines and
macros was written to support older versions of OpenSSL and Libressl.
https://github.com/OpenSC/OpenSC/blob/master/src/libopensc/sc-ossl-compat.h
The nice part of this approach is
2018 Feb 26
3
Outstanding PKCS#11 issues
Hello everyone,
as you could have noticed over the years, there are several bugs for
PKCS#11 improvement and integration which are slipping under the radar
for several releases, but the most painful ones are constantly updated
by community to build, work and make our lives better.
I wrote some of the patches, provided feedback to others, or offered
other help here on mailing list, but did not
2010 Apr 08
1
ssh-add -s /usr/lib/opensc-pkcs11.so does not work
Dear friends,
First, thanks for helping me on ssh default option for smartcards. I
recompiled SSH from CVS and it seems to work.
I still have problems with:
ssh-add -s /usr/lib/opensc-pkcs11.so
Enter passphrase for PKCS#11: (I enter PIN code)
SSH_AGENT_FAILURE
Could not add card: /usr/lib/opensc-pkcs11.so
pkcs11-tool --slot 1 -O
Public Key Object; RSA 2048 bits
label: Public Key
ID:
2003 May 08
3
get_pin for scard-opensc.c
I'm attaching a patch to allow ssh client to get a pin from the command line
when using a smartcard. Most of it is from a patch by Danny De Cock
<godot () ulyssis ! org>, but I've used the ssh read_passphrase function
instead. Any errors are mine, I'm sure.
This enables ssh -I 0 to use a pin-protected smartcard via opensc.
Thanks,
Kevin Stefanik
-------------- next part
2008 Jul 31
5
[Bug 1498] New: OpenSC smartcard access should use raw public keys, not X.509 certificates
https://bugzilla.mindrot.org/show_bug.cgi?id=1498
Summary: OpenSC smartcard access should use raw public keys,
not X.509 certificates
Classification: Unclassified
Product: Portable OpenSSH
Version: 5.1p1
Platform: Other
OS/Version: Linux
Status: NEW
Keywords: patch
Severity: normal
2018 Jul 31
11
[Bug 2890] New: ssh-agent should not fail after removing and inserting smart card
https://bugzilla.mindrot.org/show_bug.cgi?id=2890
Bug ID: 2890
Summary: ssh-agent should not fail after removing and inserting
smart card
Product: Portable OpenSSH
Version: 7.7p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component:
2006 May 04
2
xmalloc(foo*bar) -> xcalloc(foo, bar) for Portable
Hi All.
While wandering in auth-pam.c I noticed that there's a few Portable-specific
escapees from the xmalloc(foo * bar) cleanup.
There's also a "probably can't happen" integer overflow in
ssh-rand-helper.c with the memset:
num_cmds = 64;
- entcmd = xmalloc(num_cmds * sizeof(entropy_cmd_t));
+ entcmd = xcalloc(num_cmds, sizeof(entropy_cmd_t));
2020 Apr 20
2
[PATCH] python: Fix UnicodeError in inspect_list_applications2() (RHBZ#1684004)
The python3 bindings create unicode objects from application strings
on the guest (i.e. installed rpm, deb packages).
It is documented that rpm package fields such as description should be
utf8 encoded - however in some cases they are not a valid unicode
string, on SLES11 SP4 the following packages fail to be converted to
unicode using guestfs_int_py_fromstring() (which invokes
2010 Jan 06
2
smart cards (was: OpenSSH daemon security bug?)
On 06.01.2010, at 5:46, openssh-unix-dev-request at mindrot.org wrote:
> OpenSSH daemon security bug?
If you find find passwords and/or password protected keys not secure I would suggest using private keys on a smart card.
There's a bug(with patches) related to smart cards:
https://bugzilla.mindrot.org/show_bug.cgi?id=1371
I don't think that guessing about the protection of the