Displaying 20 results from an estimated 10000 matches similar to: "Converting a public PEM-file to OpenSSH public file format"
2012 Sep 09
2
Patch for ssh-keygen to allow conversion of public key to openssh format
Hi,
I needed to convert a public RSA key to autorized_keys format and found
ssh-keygen lacking this feature.
I made the option -Q publicfile to allow an conversion like
ssh-keygen -Q pubrsa.pem -y
The patch is produced using unified diff and made on latest release.
If you like it and can make a patch for the man-page also!
Regards,
/Lars
-------------- next part --------------
diff -u
2007 Sep 29
64
[Bug 1371] New: Add PKCS#11 (Smartcards) support into OpenSSH
http://bugzilla.mindrot.org/show_bug.cgi?id=1371
Summary: Add PKCS#11 (Smartcards) support into OpenSSH
Product: Portable OpenSSH
Version: 4.7p1
Platform: All
URL: http://alon.barlev.googlepages.com/openssh-pkcs11
OS/Version: All
Status: NEW
Severity: enhancement
Priority: P2
Component:
2002 Oct 17
2
playing with smartcard: rsa key upload?
I began playing with smartcard support and enabled this in openssh-3.5p1
on linux.
The -U (upload) option unfortunately doesn't work yet with ssh-keygen:
$ ssh-keygen -U 0
Enter file in which the key is (/home/user/.ssh/id_rsa):
key uploading not yet supported
Is there a tool to upload an openssh rsa key to a smart card so that I can
use it with ssh -I later on? Should I just upload it as a
2019 Oct 01
9
Call for testing: OpenSSH 8.1
Hi,
OpenSSH 8.1p1 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a bugfix release.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH is also available via git using the
instructions at
2000 Oct 17
5
Smartcards & SSH
Hi all,
I'm new to this mailing list, so I apologize if my question
is "obsolete" for you.
I'd like to know if anybody has a clear idea about
how to connect smartcards to the SSH framework.
I yet got a modified ssh-agent (by Stephen Pellicer)
that uses SSP-Lite (CyberflexAccess driver by me)
in order to use the smartcard instead of the HD files.
Instead, I'd like to
2015 Jul 16
13
[Bug 2430] New: ssh-keygen should allow to login before reading public key from smart card
https://bugzilla.mindrot.org/show_bug.cgi?id=2430
Bug ID: 2430
Summary: ssh-keygen should allow to login before reading public
key from smart card
Product: Portable OpenSSH
Version: 6.9p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
2006 May 27
2
[ANNOUNCE] PKCS#11 support in OpenSSH 4.3p2 (version 0.11)
Hello,
The version 0.11 of "PKCS#11 support in OpenSSH" is published.
Changes:
1. Updated against OpenSSH 4.3p2.
2. Modified against Roumen Petrov's X.509 patch (version
5.4), so self-signed certificates are treated by the X.509
patch now.
3. Added --pkcs11-x509-force-ssh if X.509 patch applied,
until some issues with the X.509 patch are resolved.
4. Fixed issues with gcc-2.
You
2018 Dec 19
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
On 12/18/2018 06:52 PM, Alon Bar-Lev wrote:
> OK... So you have an issue...
>
> First, you need to delegate your smartcard to remote machine, probably
> using unix socket redirection managed by openssh. This can be done in
> many levels...
> 1. Delegate USB device, this will enable only exclusive usage of the
> smartcard by remote machine.
> 2. Delegate PC/SC, this
2020 Jul 18
10
[Bug 3195] New: ssh-keygen unable to convert ED25519 public keys
https://bugzilla.mindrot.org/show_bug.cgi?id=3195
Bug ID: 3195
Summary: ssh-keygen unable to convert ED25519 public keys
Product: Portable OpenSSH
Version: 8.2p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-keygen
Assignee:
2010 Aug 09
8
Call for testing: OpenSSH-5.6
Hi,
OpenSSH 5.6 is almost ready for release, so we would appreciate testing
on as many platforms and systems as possible. This is a moderately large
release, with a number of new features and bug fixes.
Snapshot releases for portable OpenSSH are available from
http://www.mindrot.org/openssh_snap/
The OpenBSD version is available in CVS HEAD:
http://www.openbsd.org/anoncvs.html
Portable OpenSSH
2007 Sep 25
9
OpenSSH PKCS#11merge
[[Sending again, as for some strange reason it is not accepted]]
Hello OpenSSH developers,
I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.
I wish to know if anyone is interesting in working toward merging this
into mainline.
I had some discussion with Damien Miller, but then he disappeared.
Having standard smartcard
2012 Jul 28
1
[PATCH] ssh-keygen: support public key import/export using SubjectPublicKeyInfo
ssh-keygen already supports importing and exporting ssh keys using
various formats.
The "-m PEM" which should have been the easiest to be used with
various of external application expects PKCS#1 encoded key, while
many applications use SubjectPublicKeyInfo encoded key.
This change adds SubjectPublicKeyInfo support, to ease integration
with applications.
Examples:
## convert
2018 Dec 18
2
RFE: OpenSSH Support for PKCS11 Funneling to PAM for Kerberos/PKINIT
Alon,
I should have provided more background. You are assuming that I could
perform the PKINIT prior to connecting to the SSH server. In this case
(and others) there is an interest in not exposing the kerberos servers
to the world and thus someone connecting remotely would not be able to
obtain a TGT or do a PKINIT. The goal would be for SSH to handle all
the auth and only after connecting to
2010 Sep 25
1
ssh-keygen with libpkcs11.so can't work
Hi,
I'm trying the new feature "ssh-keygen(1) now supports signing certificate
using a CA key that has been stored in a PKCS#11 token".
According to the manpage, I should use "-D" option. And I had a problem
with this option.
root at ubuntu-desktop[/home/adam/temp7]#ssh-keygen -s ca_key.pub -D
libpkcs11.so -I key_id id_rsa.pub
dlopen libpkcs11.so failed: libpkcs11.so:
2015 Sep 28
33
[Bug 2474] New: Enabling ECDSA in PKCS#11 support for ssh-agent
https://bugzilla.mindrot.org/show_bug.cgi?id=2474
Bug ID: 2474
Summary: Enabling ECDSA in PKCS#11 support for ssh-agent
Product: Portable OpenSSH
Version: 7.1p1
Hardware: All
OS: All
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: unassigned-bugs
2005 Oct 05
2
ssh-agent add PKCS#11 support
Hello,
PKCS#11 is a standard API interface that can be used in
order to access cryptographic tokens. You can find the
specification at
http://www.rsasecurity.com/rsalabs/node.asp?id=2133, most
smartcard and other cryptographic device vendors support
PKCS#11, opensc also provides PKCS#11 interface.
I can easily make the scard.c, scard-opensc.c and
ssh-agent.c support PKCS#11.
PKCS#11 is
2015 Mar 31
7
Wanted: smartcard with ECDSA support
Hi list,
I have no idea if Damien Miller had the time to work on that.
I have an initial patch to authenticate using PKCS#11 and ECDSA keys.
This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the
required interfaces to override the signature function pointer for ECDSA.
The only limitation is that the OpenSSL API misses some cleanup function
(finish, for instance), hence I have yet
2020 Feb 22
3
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
Hi all,
Thanks for all your hard work! I was particularly excited to see
FIDO/U2F support in the latest release.
I'd like to make the following bug report in ssh-agent's PKCS#11 support:
Steps to reproduce:
1. Configure a smart card (e.g. Yubikey in PIV mode) as an SSH key.
2. Add that key to ssh-agent.
3. Remove that key from ssh-agent.
4. Add that key to ssh-agent.
Expected results:
2015 Oct 08
2
[PATCH] Enabling ECDSA in PKCS#11 support for ssh-agent
On 10/8/2015 4:49 AM, Simon Josefsson wrote:
> Mathias Brossard <mathias at brossard.org> writes:
>
>> Hi,
>>
>> I have made a patch for enabling the use of ECDSA keys in the PKCS#11
>> support of ssh-agent which will be of interest to other users.
>
> Nice! What would it take to add support for Ed25519 too? Do we need to
> allocate any new PKCS#11
2020 Feb 24
4
Re-adding PKCS#11 key in ssh-agent produces "agent refused operation" error.
On Sat, 2020-02-22 at 10:50 -0600, Douglas E Engert wrote:
> As a side note, OpenSC is looking at issues with using tokens vs
> separate
> readers and smart cards. The code paths in PKCS#11 differ. Removing a
> card
> from a reader leaves the pkcs#11 slot still available. Removing a
> token (Yubikey)
> removes both the reader and and its builtin smart card. Firefox has a
>