Re: Using OpenSSH with smart cards HOWTO

Douglas E. Engert
I am sending your response to the OpenSC list, as others
might want to know what you found.

What versions of OpenSC and OpenSSH and on what platform
was it failing?


François Pérou wrote:

> On Wed, 2010-04-07 at 14:32 -0500, Douglas E. Engert wrote:
>> Can you use the pkcs11-tool to read the certificate and
>> public key from your card?
>>
>> You could try setting the debug and error parameters in
>> the opensc.conf file to see if opensc loads and is called by ssh.
>
> Dear Douglas,
>
> I compiled from CVS and now OpenSSH client is able to read
> PKCS11Provider /usr/lib/opensc-pkcs11.so
> in /etc/ssh/ssh_config
>
> So the problem seems to be fixed in CVS.
>
> Kind regards,
> François
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Re: Using OpenSSH with smart cards HOWTO

Jean-Michel Pouré - GOOZE
On Thu, 2010-04-08 at 09:00 -0500, Douglas E. Engert wrote:
> I am sending your response to the OpenSC list, as others
> might want to know what you found.

I reported a bug on OpenSSH:
https://bugzilla.mindrot.org/show_bug.cgi?id=1751

> What versions of OpenSC and OpenSSH and on what platform
> was it failing?

OpenSC latest SVN version.
OpenSSH latest CVS version.
Debian SID, AMD64.

Kind regards,
Jean-Michel
--
                  Jean-Michel Pouré - [hidden email]

Re: Using OpenSSH with smart cards HOWTO

Andreas Jellinghaus-2
In reply to this post by Douglas E. Engert
On Thursday 08 April 2010 16:00:54, Douglas E. Engert wrote:
> I am sending your response to the OpenSC list, as others
> might want to know what you found.
>
> What versions of OpenSC and OpenSSH and on what platform
> was it failing?

for me latest openssh worked fine (not sure if I tested it
with trunk or latest release). I don't remember the exact
options I used, but it was exactly those in the documentation.

Regards, Andreas
Re: Using OpenSSH with smart cards HOWTO

Andreas Jellinghaus-2
In reply to this post by Jean-Michel Pouré - GOOZE
On Thursday 08 April 2010 16:24:59, Jean-Michel Pouré - GOOZE wrote:
> On Thu, 2010-04-08 at 09:00 -0500, Douglas E. Engert wrote:
> > I am sending your response to the OpenSC list, as others
> > might want to know what you found.
>
> I reported a bug on OpenSSH:
> https://bugzilla.mindrot.org/show_bug.cgi?id=1751

what exactly are you trying to do there? I'm confused.

you need to
* start ssh-agent configured with opensc-pkcs11.so
* then use ssh-add to register the key in the smart card
  (not sure if you need to specify the opensc-pkcs11.so object here).

it won't work if you
* run ssh-agent without opensc-pkcs11.so option
* run ssh-add with opensc-pkcs11.so option

at least I guess that won't work. how could a command line tool
pass info to the agent? I guess not at all - it's not a file
which you can decrypt and then forward the content.

in the other direction it should work fine - ssh-add asks
for the pin, ssh-agent opens the token/slot and accesses
the key.

also not sure if you need to specify slot or token...

Regards, Andreas
Re: Using OpenSSH with smart cards HOWTO

Jean-Michel Pouré - GOOZE
On Thu, 2010-04-08 at 22:16 +0200, Andreas Jellinghaus wrote:
> * start ssh-agent configured with opensc-pkcs11.so
> * then use ssh-add to register the key in the smart card
>   (not sure if you need to specify the opensc-pkcs11.so object here).

Thanks. Then how can I start ssh-agent with opensc-pkcs11.so? I cannot
find the command in the manual.

Kind regards,
--
                  Jean-Michel Pouré - [hidden email]
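
Added example, not written by any poster in this thread or by the OpenSSH or OpenSC projects: a POSIX shell helper that reads the PKCS11Provider line mentioned above from an ssh_config-style file, checks that the module is an absolute path to a file that group and other cannot write (ssh loads it into its own process), and only then passes it to a running agent with `ssh-add -s`. The function names are hypothetical, and Host/Match scoping is ignored (the first occurrence in the file is reported).

```shell
#!/bin/sh
# Added example; function names are assumptions, not OpenSSH/OpenSC tooling.

# Print the first PKCS11Provider value found in an ssh_config-style file.
pkcs11_provider_from_config() {
    awk '
    {
        sub(/^[ \t]+/, "")                      # drop indentation
        if ($0 == "" || $0 ~ /^#/) next         # skip blanks and comments
        if (!match($0, /^[^ \t=]+/)) next       # keyword ends at space or "="
        key = tolower(substr($0, 1, RLENGTH))   # keywords are case-insensitive
        val = substr($0, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)         # separator: whitespace and/or "="
        sub(/[ \t]+$/, "", val)
        sub(/^"/, "", val); sub(/"$/, "", val)  # optional double quotes
        if (key == "pkcs11provider") { print val; exit }
    }' "$1"
}

# Succeed only for an absolute path to an existing regular file that is not
# writable by group or other. Symlinks are followed (find -H) so the check
# applies to the library itself, not to the link.
provider_is_safe() {
    case "$1" in
        /*) ;;
        *) echo "provider path is not absolute: $1" >&2; return 1 ;;
    esac
    [ -f "$1" ] || { echo "provider not found: $1" >&2; return 1; }
    loose=$(find -H "$1" -prune \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "provider writable by group/other: $1" >&2; return 1; }
}

# Check the configured provider, then hand it to the running ssh-agent.
# ssh-add -s prompts for the card PIN; ssh-add -L lists the keys the agent holds.
add_token_keys() {
    provider=$(pkcs11_provider_from_config "${1:-/etc/ssh/ssh_config}")
    [ -n "$provider" ] || { echo "no PKCS11Provider configured" >&2; return 1; }
    provider_is_safe "$provider" || return 1
    ssh-add -s "$provider" && ssh-add -L
}
```

Calling `add_token_keys` with no argument reads /etc/ssh/ssh_config and needs an agent already running in the session (`eval "$(ssh-agent -s)"`).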
