AW: OpenSSH 6.3p1 Smartcard-Support

Damien Miller djm at mindrot.org
Wed Dec 11 22:48:39 EST 2013


On Wed, 11 Dec 2013, Benjamin Fras wrote:

> 
> Hi,
> thanks for your reply. Please find attached the debug trace of the openssh-c
> lient:
> ssh -I /usr/lib/libeToken.so -p 222 10.0.0.41 -vvv
> OpenSSH_6.4, OpenSSL 1.0.1c 10 May 2012
> debug1: Reading configuration data /usr/local/etc/ssh_config
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 10.0.0.41 [10.0.0.41] port 222.
> debug1: Connection established.
> debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescripti
> on <SafeNet eToken PKCS#11> libraryVersion 8.3
> debug1: label <eToken> manufacturerID <SafeNet, Inc.> model <eToken> serial 
> <0052787c> flags 0x60d
> no keys

^^^^ The PKCS#11 library is being loaded and initialised, but isn't
returning any keys to OpenSSH. 

Can you use something like opensc's pkcs11-tool to list the objects
on your card? I.e. pkcs11-tool --module /path/to/pkcs11.so -O

-d


More information about the openssh-unix-dev mailing list