OpenSSH PKCS#11merge

Alon Bar-Lev alon.barlev at
Tue Sep 25 15:33:44 EST 2007

[[Sending again, as for some strange reason it is not accepted]]

Hello OpenSSH developers,

I maintain external patch for PKCS#11 smartcard support into
OpenSSH[1] , many users already apply and use this patch.

I wish to know if anyone is interesting in working toward merging this
into mainline.

I had some discussion with Damien Miller, but then he disappeared.

Having standard smartcard interface will enable many users to have
more secure environment, without the need to acquire card of specific

In order to merge it cleanly, we should also discuss a modification
for the agent protocol. As smartcards are dynamic in nature, there
should be an option for the agent to ask the caller to provide
information, for example "Insert token <xxx>" or "Please enter
passphrase for token <xxx>". Current implementation does not modify
the agent protocol but execute dialog from within the agent.

Best Regards,
Alon Bar-Lev


More information about the openssh-unix-dev mailing list