I am sending your responce to the OpenSC list, as others
might wnat to know what you found.
What versions of OpenSC and OpenSSH and on what platform
was it failing?
François Pérou wrote:
> On Wed, 2010-04-07 at 14:32 -0500, Douglas E. Engert wrote:
>> Can you use the pkcs11-tool to read the certificate and
>> public key from you card?
>> You could try setting the debug and error parameters in
>> the opensc.conf file to see if opensc loads and is called by ssh.
> Dear Douglas,
> I compiled from CVS and now OpenSSH client is able to read
> PKCS11Provider /usr/lib/opensc-pkcs11.so
> in /etc/ssh/ssh_config
> So the problem seems to be fixed in CVS.
> Kind regards,
Am Donnerstag 08 April 2010 16:00:54 schrieb Douglas E. Engert:
> I am sending your responce to the OpenSC list, as others
> might wnat to know what you found.
> What versions of OpenSC and OpenSSH and on what platform
> was it failing?
for me latest openssh worked fine (not sure if I tested it
with trunk or latest release). I don't remember the exact
options I used, but it was exactly those in the documentation.
In reply to this post by Jean-Michel Pouré - GOOZE
Am Donnerstag 08 April 2010 16:24:59 schrieb Jean-Michel Pouré - GOOZE:
> On Thu, 2010-04-08 at 09:00 -0500, Douglas E. Engert wrote:
> > I am sending your responce to the OpenSC list, as others
> > might wnat to know what you found.
> I reported a bug on OpenSSH:
what exactly are you trying to do there? I'm confused.
you need to
* start ssh-agent configured with opensc-pkcs11.so
* then use ssh-add to register the key in the smart card
(not sure if you need to specify the opensc-pkcs11.so object here).
it won't work if you
* run ssh-agent without opensc-pkcs11.so option
* run ssh-add with opensc-pkcs11.so option
at least I guess that won't work. how could a command line tool
pass info the the agent? I guess not at all - its not a file
which you can decrypt and then forward the content.
in the other direction it should work fine - ssh-add asks
for the pin, ssh-agent opens the token/slot and accesses
also not sure if you need to specify slot or token...
On Thu, 2010-04-08 at 22:16 +0200, Andreas Jellinghaus wrote:
> * start ssh-agent configured with opensc-pkcs11.so
> * then use ssh-add to register the key in the smart card
> (not sure if you need to specify the opensc-pkcs11.so object here).
Thanks. Then how can start ssh-agent with opensc-pkcs11.so . I cannot
find the command in manual.