https://bugzilla.mindrot.org/show_bug.cgi?id=2620
Bug ID: 2620
Summary: Option AddKeysToAgent doesn't work with keys provided by PKCS11 libraries.
Product: Portable OpenSSH
Version: 7.3p1
Hardware: Other
OS: Linux
Status: NEW
Severity: enhancement
Priority: P5
Component: ssh-agent
Assignee: [email protected]
Reporter: [email protected]

I would like to set up my ssh connection encryption using a smart card
with the PKCS#11 interface provided by a shared library. In a trivial scenario
I'm able to add this key to the agent using ssh-add:
reddot@docorp:~$ ssh-add -s /usr/lib/libeTPkcs11.so
Enter passphrase for PKCS#11:
Card added: /usr/lib/libeTPkcs11.so
Now I would like to automate this process so that I am asked for the card PIN
only once, on first key access, so I would like to use the AddKeysToAgent
option available in the config. However, it seems this option
doesn't work with PKCS#11 keys. Could it be fixed?
There's one more annoying issue: if a PKCS#11 key has already been loaded
into the agent, it isn't considered if ssh is used with the PKCS11Provider
option set, and I have to enter the card PIN again:
reddot@docorp:~$ ssh-add -l
2048 SHA256:........................................... /usr/lib/libeTPkcs11.so (RSA)
2048 SHA256:........................................... /usr/lib/libeTPkcs11.so (RSA)
reddot@docorp:~$ ssh valov.avp.ru
Welcome to Ubuntu 16.04.1 LTS (GNU/Linux 4.4.0-38-generic x86_64)
...
reddot@docorp:~$ ssh valov.avp.ru -I/usr/lib/libeTPkcs11.so
Enter PIN for 'Roman Valov':
...
I have to enter my card PIN again despite its key being available via the
agent.
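
An added example, not part of the original report or of OpenSSH: a shell wrapper that loads the PKCS#11 provider into the agent only when `ssh-add -l` does not already list it, then runs ssh without -I so the agent's key is used. The function names are hypothetical, and it assumes the agent lists PKCS#11 keys with the provider path as the comment, as in the `ssh-add -l` output above.

```shell
#!/bin/sh
# Added example: ask for the card PIN once per agent lifetime.
# Assumption: PKCS#11 keys appear in `ssh-add -l` with the provider
# library path as the third field, and the path contains no spaces.

# provider_loaded LIB
# Reads `ssh-add -l` output on stdin; succeeds if any listed key
# carries LIB as its comment field.
provider_loaded() {
    awk -v lib="$1" '$3 == lib { found = 1 } END { exit !found }'
}

# ensure_provider LIB
# Runs `ssh-add -s LIB` (which prompts for the PIN) only when the agent
# does not already hold keys from LIB.
ensure_provider() {
    if ssh-add -l 2>/dev/null | provider_loaded "$1"; then
        return 0
    fi
    ssh-add -s "$1"
}

# pkcs11_ssh LIB [ssh arguments...]
# Loads the provider if needed, then connects without -I / PKCS11Provider
# so that ssh authenticates through the agent instead of opening the
# card itself.
pkcs11_ssh() {
    lib=$1
    shift
    ensure_provider "$lib" && ssh "$@"
}
```

Called as `pkcs11_ssh /usr/lib/libeTPkcs11.so host`, it prompts for the PIN on first use only, provided an agent is running and reachable through SSH_AUTH_SOCK.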