[Bug 3234] New: SSH does not read pkcs11-based private key.
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Nov 20 07:20:49 AEDT 2020
https://bugzilla.mindrot.org/show_bug.cgi?id=3234
Bug ID: 3234
Summary: SSH does not read pkcs11-based private key.
Product: Portable OpenSSH
Version: 8.4p1
Hardware: amd64
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: Smartcard
Assignee: unassigned-bugs at mindrot.org
Reporter: mishaad051 at gmail.com
When I try to connect to a server via ssh, which has the public key
authentication enabled, my key is rejected and I am asked to use
another authentication method.
System SSH version:
OpenSSH_8.4p1, OpenSSL 1.1.1h 22 Sep 2020
ssh some-user at some-server -vvv -I ~/pkcs11-libs/librtpkcs11ecp.so:
https://termbin.com/ehn7
Token is detected and works for other purposes.
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -T
Available slots:
Slot 0 (0x0): Aktiv Rutoken ECP 00 00
token label : token1
token manufacturer : Aktiv Co.
token model : Rutoken ECP
token flags : login required, rng, SO PIN to be changed, token
initialized, PIN initialized, user PIN to be changed
hardware version : 20.5
firmware version : 23.2
serial num : 3b7558b7
pin min/max : 6/32
Whereas, using OpenSSH v8.2p1 allowed me to connect with key written in
token:
/home/some-user/ssh8.2/bin/ssh some-user at some-server -I
/usr/lib/librtpkcs11ecp.so -vvv
https://termbin.com/7uy3
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list