similar to: [PATCH] allow entering smartcard pin via pinpad

https://bugzilla.mindrot.org/show_bug.cgi?id=2185 Bug ID: 2185 Summary: Allow entering the PIN via reader pinpad Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at

Some smartcard readers have keypad to enter the PIN securely (i.e. such that it cannot be intercepted by a rogue (ssh) binary. PKCS#11 allows for enforcing this in hardware. Below patch allows for SSH to make use of this; against head/master as of today. Dw. commit 7f0250a8ae6c639a19d4e1e24fc112d5e2e1249a Author: Dirk-Willem van Gulik <dirkx at webweaving.org> Date: Tue Mar 17

Folks, Find below a minor patch to allow the use of smartcards in readers that have their own PIN entry keypads (Secure PIN entry) such as the SPR332 and most german/medical chipcard devices. Tested on Solaris, FreeBSD and MacOSX against various cards and drivers. I?ve left the pkcs11_interactive check in place. Arguably - with some Secure PIN readers it may be better to move this just in front

Repost; updated for HEAD and tested on ubuntu as well. Dw. Folks, Find below a minor patch to allow the use of smartcards in readers that have their own PIN entry keypads (Secure PIN entry) such as the SPR332 and most german/medical chipcard devices. Tested on Solaris, FreeBSD, Linux and MacOSX against various cards and drivers. I?ve left the pkcs11_interactive check in place. Arguably - with

https://bugzilla.mindrot.org/show_bug.cgi?id=2240 Bug ID: 2240 Summary: Secure PIN entry for smartcards through the keypad on the reader (patch) Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

https://bugzilla.mindrot.org/show_bug.cgi?id=1512 Summary: Only a single smartcard/PIN is supported by the ssh-agent Product: Portable OpenSSH Version: 5.1p1 Platform: Other OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo:

https://bugzilla.mindrot.org/show_bug.cgi?id=3635 Bug ID: 3635 Summary: ssh-add -s always asks for PKCS#11 PIN Product: Portable OpenSSH Version: 9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2652 Bug ID: 2652 Summary: PKCS11 login skipped if login required and no pin set Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Smartcard Assignee:

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the

Hi all, as an example of SSP-Lite middleware, I modified the OpenSSH-2.9p2 sources to support Smart Cards. The new module is just an experiment. It uses an OpenSSL's new RSA method I built to communicate with the smartcard through the SSP/PCSC stack when normal OpenSSL RSA operations are invoked by OpenSSH. I couldn't embed the module as I wanted into the OpenSSH sources because of the

Hi! Are there anyone out there who can give me some informations about this issue?... Thanks, Elek J?zsef -----Original Message----- From: Elek J?zsef [mailto:elekj@ekg.gov.hu] Sent: Thursday, October 03, 2002 9:57 AM To: samba@lists.samba.org Cc: K-D Andr?si Istv?n Subject: Question regarding the possibility of W2K smartcard logon Hi! I could not find any documentation about the

Hello, Theo, Niels, Jim Rees and I have discussed about integration of smartcard to OpenSSH. Later I have found that OpenSSH has two versions - clean and portable. Now I am wondering which version we should start from. Any suggestions? Thanks. -- Concentration .. Naomaru Itoi

Hi, I'm interested in extending OpenSSH's PKCS#11 code to support ECDSA keys, but have so far been unable to find anyone who can sell me a smartcard that supports it. They certainly exist - AFAIK it's required by the US PIV standard, but obtaining cards that support it in single digit quantities seems all but impossible. Can anybody on this list help? I'd want 2-6 cards/tokens

Hello list! I am trying to get my chipdrive micro smartcard working with openssh. I read the README.smartcard, but i got stuck with sectok. It might be a little offtopic but i am totally stuck! After it compiled libsectok without the -Bforcearchive flag i tried to compile sectok: [root at box sectok-20020524]# make gcc -o sectok main.o cmds.o cyberflex.o ../libsectok/libsectok.a -lcrypto cmds.o:

Hi. Is is possible to use GPG on the host instead of NSS with virtual smartcards? Please document how or add support for it. Can a virtual smartcard make the host less secure? If there are bugs in GPG/NSS backend on the host can they be abused by untrusted code in the vm?

Hi, sorry, I'm not on the list, so please answer directly. I use opensc-0.7.0 and pcsc-lite-1.1.1 under FreeBSD 4.6 with Gemplus 410 and 430 smartcard readers and Schlumberger cryptoflex smartcards. I used openssh-3.2.2p1 but the relevant file scard-opensc.c is unchanged in 3.4. RSA authentication to a remote host running opensshd did not work with the smartcard. Investigating the problem

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not

Some reactions on the thread : Integrating SmartCard in PAM is no problem. Problem I'm facing with for example CryptoCard and SecureID tokens is that those manufacturers refuse to give out any form of information about the internal operation of those tokens. That prevents me from implementing event synchronous mode. The best way to handle this with SSH is probably the way for example Apache

Hi all, and thanks for everyone's work on the 4.0 release! There's been recent discussion on the OpenSC mailing list about getting better/updated smartcard support into OpenSSH. Originating from an OpenSSH package maintainer's desire to keep dependencies to a minimum, the idea to load OpenSC dynamically popped up. Now the question is whether this is an approach that would be favored

What's happening: I put my "SmartCard" in the reader, and the Coolkey phone home window pops up. I close it, and the SmartCard manager window pops up, saying it's not initialized. Neither of these should be happening with these cards (US federal gov't issue, not DoD). Googling, I find <https://rhn.redhat.com/errata/RHBA-2010-0068.html>, and in that, it says (in part):