OpenSSH and Smartcard
Nils Larsch
nlarsch at gmx.net
Sun Apr 3 00:08:07 EST 2005
Boris von Alten Blaskowitz wrote:
> Hi,
>
> I am not sure if this the right place for the question. Sorry if not ...
as the error comes from opensc the opensc mailing list might have
been more appropriate
>
> My System:
> SuSE 9.2
> OpenSSH 3.9p1
>
> I have trouble to use a Smartcard with openssh. If i try to connect
> directly to the Smartcard, it fails:
>
> ssh -I 0:45 localhost
>
> card-etoken.c:175:etoken_check_sw: required access right not granted
> card-etoken.c:631:do_compute_signature: returning with: Security status
> not satisfied card-etoken.c:175:etoken_check_sw: required access right
> not granted card-etoken.c:631:do_compute_signature: returning with:
> Security status not satisfied card-etoken.c:175:etoken_check_sw:
> required access right not granted
> card-etoken.c:631:do_compute_signature: returning with: Security status
> not satisfied sec.c:53:sc_compute_signature: returning with: Security
> status not satisfied pkcs15-sec.c:285:sc_pkcs15_compute_signature:
> sc_compute_signature() failed: Security status not satisfied
> sc_pkcs15_compute_signature() failed: Security status not satisfied
> ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0)
>
> This is happen because openssh never prompt for the pin.
>
> If I use the openssh-agent and ssh-add everything works well.
> ssh-add -s 0
> ssh localhost
>
> :) --> Have a lot of fun
>
>
> The question now:
> Does Smartcards only work, if I use the ssh-agent or should the "ssh -I
> 0:45 localhost" command also work????
with the current design the use of the agent is strongly recommended
Nils
More information about the openssh-unix-dev
mailing list