[Bug 2635] Unable to use SSH Agent and user level PKCS11Provider configuration directive

bugzilla-daemon at bugzilla.mindrot.org
Sat Sep 23 04:24:49 AEST 2017


https://bugzilla.mindrot.org/show_bug.cgi?id=2635

Marc 'Zugschlus' Haber <mh+openssh-bugzilla at zugschlus.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mh+openssh-bugzilla at zugschlus.de

--- Comment #6 from Marc 'Zugschlus' Haber <mh+openssh-bugzilla at zugschlus.de> ---
I have exactly the same issue, on Debian unstable, using OpenSSH 7.5p1
from the Debian packages, and a YubiKey 4 Nano. My ssh -vvvv output is
the same as Jamin's.

I can provide additional information:
(1) My second YubiKey, a YubiKey Neo, works fine even with the agent
loaded and the PKCS11Provider option in the config.
(2) When using the agent without the PKCS11Provider option, the ssh
-vvv output is identical until:

debug3: sign_and_send_pubkey: RSA <deleted>
sign_and_send_pubkey: signing failed: agent refused operation
debug1: Offering RSA public key: /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

On the working client, things are:
debug3: sign_and_send_pubkey: RSA <same-deleted-as-above>
debug3: send packet: type 50
debug3: receive packet: type 52
debug1: Authentication succeeded (publickey).
Authenticated to localhost ([127.0.0.1]:10022).
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
