[Bug 3234] New: SSH does not read pkcs11-based private key.

bugzilla-daemon at mindrot.org bugzilla-daemon at mindrot.org
Fri Nov 20 07:20:49 AEDT 2020


https://bugzilla.mindrot.org/show_bug.cgi?id=3234

            Bug ID: 3234
           Summary: SSH does not read pkcs11-based private key.
           Product: Portable OpenSSH
           Version: 8.4p1
          Hardware: amd64
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P5
         Component: Smartcard
          Assignee: unassigned-bugs at mindrot.org
          Reporter: mishaad051 at gmail.com

When I try to connect to a server via ssh, which has the public key
authentication enabled, my key is rejected and I am asked to use
another authentication method.
System SSH version:
OpenSSH_8.4p1, OpenSSL 1.1.1h  22 Sep 2020


ssh some-user@some-server -vvv -I ~/pkcs11-libs/librtpkcs11ecp.so:
https://termbin.com/ehn7
Token is detected and works for other purposes.
pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -T

Available slots:
Slot 0 (0x0): Aktiv Rutoken ECP 00 00
  token label        : token1
  token manufacturer : Aktiv Co.
  token model        : Rutoken ECP
  token flags        : login required, rng, SO PIN to be changed, token initialized, PIN initialized, user PIN to be changed
  hardware version   : 20.5
  firmware version   : 23.2
  serial num         : 3b7558b7
  pin min/max        : 6/32

Whereas using OpenSSH v8.2p1 allowed me to connect with the key written
in the token:
/home/some-user/ssh8.2/bin/ssh some-user@some-server -I /usr/lib/librtpkcs11ecp.so -vvv
https://termbin.com/7uy3
