similar to: [PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11

Displaying 20 results from an estimated 1000 matches similar to: "[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11"

2016 Nov 16
3
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
Some HSM's such as Safenet Network HSM do not allow searching for keys unauthenticated. To support such devices provide a mechanism for users to provide a pin code that is always used to automatically log in to the HSM when using PKCS11. The pin code is read from a file specified by the environment variable SSH_PKCS11_PINFILE if it is set. Tested against Safenet Network HSM. ---
2016 Nov 16
2
[PATCH] ssh-pkcs11: allow providing unconditional pin code for PKCS11
On 11/16/16, 8:55 AM, "openssh-unix-dev on behalf of Juha-Matti Tapio" <openssh-unix-dev-bounces+uri=ll.mit.edu at mindrot.org on behalf of jmtapio at ssh.com> wrote: On Wed, Nov 16, 2016 at 12:54:44PM +0000, Blumenthal, Uri - 0553 - MITLL wrote: > I find this approach very bad in general. > > PKCS#11 standard says that *private* keys should not be
2024 Sep 23
1
[PATCH] sshd: Add pkcs11 support for HostKey.
Hello, OpenSSH supports PKCS#11 on the client side, but that does not extend to the server side. I would like to bring PKCS#11 support to sshd. I am working on embedded Linux systems with integrated HSM. The sshd host key is stored on the HSM. To have sshd using that key, we rely on the following chain: sshd -> OpenSSL -> OpenSSL Engine -> HSM Having PKCS#11 support in sshd, would
2020 Aug 26
10
[Bug 3202] New: Ed25519 key on HSM is not getting listed in ssh-add -l command
https://bugzilla.mindrot.org/show_bug.cgi?id=3202 Bug ID: 3202 Summary: Ed25519 key on HSM is not getting listed in ssh-add -l command Product: Portable OpenSSH Version: 8.2p1 Hardware: ARM64 OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add
2014 Jan 28
1
safenet eToken 5100 pkcs11 bug(?)
Guys, I am not able to get it run. I can not say where is the problem but it seams that the openssh client is not able to get list of rsa key from token. See two logs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O" In the second log there is private_key visible or offered in the first one is not. I use openssh 6.4 version on Linux or Mac. Log from
2023 Apr 10
6
[Bug 3561] New: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11
https://bugzilla.mindrot.org/show_bug.cgi?id=3561 Bug ID: 3561 Summary: Open SSH does not support 1-byte structure packing on non-windows systems for PKCS11 Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: All Status: NEW Severity: enhancement Priority: P5
2017 Jan 11
2
HSM
Hmm, don't you just love changing terminology! I've been using HSM systems at work since '99. BTW, DMAPI is the Data Management API which was a common(ish) extension used by amongst others SGI and IBM. Back to lvmcache. It looks interesting. I'd earlier dismissed LVM since it is block orientated, not file orientated. Probably because my mental image is of files migrating to
2023 Nov 19
2
[Bug 3635] New: ssh-add -s always asks for PKCS#11 PIN
https://bugzilla.mindrot.org/show_bug.cgi?id=3635 Bug ID: 3635 Summary: ssh-add -s always asks for PKCS#11 PIN Product: Portable OpenSSH Version: 9.0p1 Hardware: Other OS: Linux Status: NEW Severity: enhancement Priority: P5 Component: ssh-add Assignee: unassigned-bugs at
2017 Jan 11
2
HSM
I think there may be some confusion here. By HSM I was referring to Hierarchical Storage Management, whereby there are multiple levels of storage (fast+expensive <-> slow+cheap) and files migrate up or down. Originally it was used to keep data on tape with the metadata residing on disk though it has been expanded to allow a SAS/SATA hierarchy. Quite where PKI comes in I'm not sure,
2007 Jan 03
1
To Andrew Tridgell -- new Samba forum
Andrew, I have a software which need the following package but I can't find it in Internet. Could you advice me where I can download it? samba-3.0.10-1.4E6.HSM.2.i386 samba-common-3.0.10-1.3E.6.HSM.2 samba-client-3.0.10-1.4E.6.HSM.2 Thanks, Isaac Chan
2013 Dec 11
4
OpenSSH 6.3p1 Smartcard-Support
Hi there, has anybody managed to get the eToken Pro Anywhere work with SSH? I'm using the latest SafeNetAuthentication drivers available for Ubuntu 64bit (8.3) and everything is working just fine except for ssh. I can use the eToken for logging in, openvpn, rdestkop, etc. but it seems ssh does not recognize the device properly. The command "ssh -I /usr/lib/libeToken.so.8 user at
2006 May 24
1
ZFS and HSM
I said I had several questions to start threads on.... What about ZFS and various HSM solutions? Do any of them already work with ZFS? Are any going to? It seems like HSM solutions that access things at a file level would have little trouble integrating with ZFS. But ones that work at a block level would have a harder time. On that same thread, what about support for DMAPI within ZFS?
2017 Jan 11
3
HSM
Purely from interest, is there any current FOSS implementation of HSM? I note that XFS has dropped support for DMAPI, have other filesystems? Regards, Martin -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 836 bytes Desc: OpenPGP digital signature URL:
2023 Jun 14
1
[Bug 3579] New: OpenSSH trims last character of fixed-lenght buffers received from the pkcs11 providers providing users with inaccurate information
https://bugzilla.mindrot.org/show_bug.cgi?id=3579 Bug ID: 3579 Summary: OpenSSH trims last character of fixed-lenght buffers received from the pkcs11 providers providing users with inaccurate information Product: Portable OpenSSH Version: 9.3p1 Hardware: Other OS: Linux
2008 Jun 05
1
samba GPFS and HSM?
Hi - I was wondering if any of you may be able to point me in the right direction. I am in the process of designing a fairly large fileserver solution in an MS Active directory environment. I have setup and tested ctdb samba, however, after several discussions with a couple of my colleagues, i am now considering a more vanilla flavour of samba. The key features the solution requires are: •
2019 Oct 30
1
Dovecot HSM
Hi. I'm looking for a tutorial/how-to for a HSM (Hierarchical /Storage/ Management). keeping old messages for a user in a cheap storage and recent messages in a faster one. I see on dovecot2 wiki an alternative for hsm as "Alternate storage", but I don't now if it's a good solution for me. The expected result is a faster imap/pop access for new messages on a
2016 Dec 13
4
pkcs #11/hardware support for server keys/sshd?
Hello, Is there any support (existing or planned) for host keys/certs being managed by some hardware device (tpm,hsm,etc..) instead of a flat file? thanks, -Kenny
2005 Dec 13
3
Ices0 and ShoutCast (and KiSS)
I have successfully set up a system with Ices0.4 and IceCast2.20 (and Tunez). It plays well using mpg123 or WinAmp. But I would like to use also my KiSS DVD player for the stream, and I have not been able to do so - It appearently needs 110% SHOUTcast compatibility. So I tried the IceCast2.3.1 - but it still didn't like the KiSS (or the other way around). In stead, I have added a SHOUTcast
2006 Jul 24
4
safenet on debian etch
Hi List, I just got myself a new everpower-1000va. according to the compatibility list, the 'safenet' driver supposed to support it, however, when I try, I get this in syslog: Jul 24 15:05:22 tv upsd[26458]: Can't connect to UPS [everpower1000] (safenet-ttyS1): No such file or directory this is my ups.conf: [everpower1000] driver = safenet port = /dev/ttyS1 desc =
2007 Oct 11
1
--detect-renamed question
I've started testing the detect-renamed patch with 2.6.9 and soon 3.0.0pre1. I have an unique situation where I'm rsync'ing to a HSM based filesystem. I've found that the detect-renamed patch works but it appears to do a copy of the file to the new destination. This is particular slow since the file in the HSM based filesystem may only be a stub and all the data is only resident