Fwd: Smart Card support

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Smart Card support

Douglas E Engert

OpenSC developers may wish to comment on this OpenSSH note.

-------- Forwarded Message --------
Subject: Smart Card support
Date: Thu, 16 Jul 2015 10:37:10 +0200
From: Jakub Jelen <[hidden email]>
To: [hidden email]

Hi all,
I was investigating openssh functionality with Smart Cards of different
types from different vendors and there appeared few problems that would
be great if they would be solved before 7.0 release. I filled bugs for
them to keep track of them in openssh bugzilla

Bug 2427 - ssh keygen is trying to read uninitialized slots on smart
card (and is failing) [1]
Bug 2429 - ssh-keygen ignores keys that have CKA_ID == 0 [2]
Bug 2430 - ssh-keygen should allow to login before reading public key
from smart card [3]

Is there somebody who would be able to review the proposed changes and
comment on the last one, what solution would be better? Then I can
propose also some patch.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2427
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=2429
[3] https://bugzilla.mindrot.org/show_bug.cgi?id=2430

Best regards,

--
Jakub Jelen
Security Technologies
Red Hat

_______________________________________________
openssh-unix-dev mailing list
[hidden email]
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Smart Card support

J.Witvliet
Question remains _if_ you want to use the ssh-keys directly from openssh....

In the commercial version of openssh you seems to be able to use the entire openssl-tool chain for key's and certificates
And there used to be a patch for the community version of openssh (Roumen Petrov) with the possibility of tokens/smartcards
See: http://roumenpetrov.info/openssh latest patch version: 1 jul 2015, so it is still maintained.

Hw

-----Original Message-----
From: Douglas E Engert [mailto:[hidden email]]
Sent: donderdag 16 juli 2015 13:39
To: OpenSC-devel
Subject: [Opensc-devel] Fwd: Smart Card support


OpenSC developers may wish to comment on this OpenSSH note.

-------- Forwarded Message --------
Subject: Smart Card support
Date: Thu, 16 Jul 2015 10:37:10 +0200
From: Jakub Jelen <[hidden email]>
To: [hidden email]

Hi all,
I was investigating openssh functionality with Smart Cards of different types from different vendors and there appeared few problems that would be great if they would be solved before 7.0 release. I filled bugs for them to keep track of them in openssh bugzilla

Bug 2427 - ssh keygen is trying to read uninitialized slots on smart card (and is failing) [1] Bug 2429 - ssh-keygen ignores keys that have CKA_ID == 0 [2] Bug 2430 - ssh-keygen should allow to login before reading public key from smart card [3]

Is there somebody who would be able to review the proposed changes and comment on the last one, what solution would be better? Then I can propose also some patch.

[1] https://bugzilla.mindrot.org/show_bug.cgi?id=2427
[2] https://bugzilla.mindrot.org/show_bug.cgi?id=2429
[3] https://bugzilla.mindrot.org/show_bug.cgi?id=2430

Best regards,

--
Jakub Jelen
Security Technologies
Red Hat

_______________________________________________
openssh-unix-dev mailing list
[hidden email]
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev




------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

______________________________________________________________________
Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.

------------------------------------------------------------------------------
Don't Limit Your Business. Reach for the Cloud.
GigeNET's Cloud Solutions provide you with the tools and support that
you need to offload your IT needs and focus on growing your business.
Configured For All Businesses. Start Your Cloud Today.
https://www.gigenetcloud.com/
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel