similar to: [patch] Supporting smartcard readers with PIN entry keypads (updated against -HEAD)

Folks, Find below a minor patch to allow the use of smartcards in readers that have their own PIN entry keypads (Secure PIN entry) such as the SPR332 and most german/medical chipcard devices. Tested on Solaris, FreeBSD and MacOSX against various cards and drivers. I?ve left the pkcs11_interactive check in place. Arguably - with some Secure PIN readers it may be better to move this just in front

Some smartcard readers have keypad to enter the PIN securely (i.e. such that it cannot be intercepted by a rogue (ssh) binary. PKCS#11 allows for enforcing this in hardware. Below patch allows for SSH to make use of this; against head/master as of today. Dw. commit 7f0250a8ae6c639a19d4e1e24fc112d5e2e1249a Author: Dirk-Willem van Gulik <dirkx at webweaving.org> Date: Tue Mar 17

https://bugzilla.mindrot.org/show_bug.cgi?id=2240 Bug ID: 2240 Summary: Secure PIN entry for smartcards through the keypad on the reader (patch) Product: Portable OpenSSH Version: -current Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5

Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet

Hi, OpenSSH 6.7 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This is a big release containing a number of features, a lot of internal refactoring and some potentially-incompatible changes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD:

Guys, I am not able to get it run. I can not say where is the problem but it seams that the openssh client is not able to get list of rsa key from token. See two logs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O" In the second log there is private_key visible or offered in the first one is not. I use openssh 6.4 version on Linux or Mac. Log from

The CKF_PROTECTED_AUTHENTICATION_PATH flag (as returned by C_GetTokenInfo) should be used to decide weather to request the PIN via terminal or let the reader fetch the pin from pinpad. https://bugzilla.mindrot.org/show_bug.cgi?id=2185 The patch is attached to the bug report.

Hello, I am struggling to find the root of a exponent function. "uniroot" is complaining about a values at end points not of opposite sign? s<- sapply(1:length(w),function(i) + { + + + + + uniroot(saeqn,lower=-5000,upper=0.01036597923,l=list(t=w[i],gp=gp))$root + }) Error in uniroot(saeqn, lower = -5000, upper = 0.01036597923, l = list(t = w[i], : f() values at

Right now, if I typo my PIN for a PKCS#11 token, I get the inscrutable message: $ ssh -I /path/to/module user at example.com Enter PIN for 'SSH key': C_Login failed: 160 I'd prefer to receive a more useful message: Login to PKCS#11 token failed: Incorrect PIN I've attached a patch that adds specific handling for three common error cases: Incorrect PIN, PIN too long or too

https://bugzilla.mindrot.org/show_bug.cgi?id=2638 Bug ID: 2638 Summary: Honor PKCS#11 CKA_ALWAYS_AUTHENTICATE attribute of the private objects Product: Portable OpenSSH Version: 7.3p1 Hardware: Other OS: Linux Status: NEW Keywords: patch Severity: enhancement

https://bugzilla.mindrot.org/show_bug.cgi?id=3635 Bug ID: 3635 Summary: ssh-add -s always asks for PKCS#11 PIN Product: Portable OpenSSH Version: 9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add Assignee: unassigned-bugs at

Hi Alon, I confirmed with pkcs11-tool (from OpenSC) and I can confirm that pressing return when asked for the pin causes the login to stop (and not to try a empty pin). Can you confirm if a empty pin is actually a valid pin, and if not, can the patch be accepted? Once again, the problem is that from a user experience, *some/most* users would expect they can skip pkcs11 token authentication just

Hi Karthick, For questions like this it''s good to loop in the xen-users list as answers may benefit others too. In terms of how to create an ISO.. that''s not quite the intention of these images. SolusVM intends for you to install the OS from an ISO which it will then manage. This is quite possible but I don''t know much about SolusVM. What you would need to do is: 1.

Hello everyone, as you could have noticed over the years, there are several bugs for PKCS#11 improvement and integration which are slipping under the radar for several releases, but the most painful ones are constantly updated by community to build, work and make our lives better. I wrote some of the patches, provided feedback to others, or offered other help here on mailing list, but did not

Does anybody know if there are any external telephone-keypads for sale anywhere? (containing the keys 0-9, *, # and onhook/offhook would do) I am looking for a keypad to control a softphone and would prefer the controls to be in the physical world instead of as a window. Sincerely, Markus Hakansson

https://bugzilla.mindrot.org/show_bug.cgi?id=2185 Bug ID: 2185 Summary: Allow entering the PIN via reader pinpad Product: Portable OpenSSH Version: 6.4p1 Hardware: All OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: Smartcard Assignee: unassigned-bugs at

https://bugzilla.mindrot.org/show_bug.cgi?id=2474 Bug ID: 2474 Summary: Enabling ECDSA in PKCS#11 support for ssh-agent Product: Portable OpenSSH Version: 7.1p1 Hardware: All OS: All Status: NEW Severity: enhancement Priority: P5 Component: ssh-agent Assignee: unassigned-bugs

OpenSSH 8.3 has just been released. It will be available from the mirrors listed at https://www.openssh.com/ shortly. OpenSSH is a 100% complete SSH protocol 2.0 implementation and includes sftp client and server support. Once again, we would like to thank the OpenSSH community for their continued support of the project, especially those who contributed code or patches, reported bugs, tested

https://bugzilla.mindrot.org/show_bug.cgi?id=2652 Bug ID: 2652 Summary: PKCS11 login skipped if login required and no pin set Product: Portable OpenSSH Version: 7.4p1 Hardware: Other OS: Linux Status: NEW Severity: normal Priority: P5 Component: Smartcard Assignee:

A non-text attachment was scrubbed... Name: use-public-keys-instead-of-certs-with-opensc.patch Type: text/x-diff Size: 5512 bytes Desc: enable the use of raw public keys on OpenSC-supported smartcards Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20080620/0fbcb856/attachment.bin -------------- next part -------------- A non-text attachment was scrubbed... Name: not