OpenSSH PKCS#11 merge

Iain Morgan imorgan at nas.nasa.gov
Wed Sep 26 01:31:48 EST 2007


On Tue, Sep 25, 2007 at 08:33:44 +0300, Alon Bar-Lev wrote:
> 
> [[Sending again, as for some strange reason it is not accepted]]
> 
> Hello OpenSSH developers,
> 
> I maintain an external patch for PKCS#11 smartcard support into
> OpenSSH[1]; many users already apply and use this patch.
> 
> I wish to know if anyone is interested in working toward merging this
> into mainline.
> 
> I had some discussion with Damien Miller, but then he disappeared.
> 
> Having a standard smartcard interface will enable many users to have
> a more secure environment, without the need to acquire a card of a
> specific vendor.
> 
> In order to merge it cleanly, we should also discuss a modification
> for the agent protocol. As smartcards are dynamic in nature, there
> should be an option for the agent to ask the caller to provide
> information, for example "Insert token <xxx>" or "Please enter
> passphrase for token <xxx>". The current implementation does not modify
> the agent protocol but executes a dialog from within the agent.
> 
> Best Regards,
> Alon Bar-Lev
> 
> [1] http://alon.barlev.googlepages.com/openssh-pkcs11

Due to HSPD-12, US government agencies are switching to the use
of smartcards for authentication. (Some agencies have already
made this transition.) Presumably any improvements in the
smartcard support that OpenSSH offers would be useful.

-- 
Iain Morgan


More information about the openssh-unix-dev mailing list