Use safenet etoken with ssh-agent

Benjamin Fras benjaminfras at
Sun Sep 14 23:03:45 EST 2014

thanks for your reply. I managed to make it work now. I just needed to 
start the ssh-agent and then properly set the SSH_AUTH_SOCK variable. 
Then it is behaving exactly the way I want.

On 14.09.2014 01:43, Damien Miller wrote:
> On Sat, 13 Sep 2014, Benjamin Fras wrote:
>> Hi,
>> we are using eToken Pro Anywhere to connect with ssh. Basically this is
>> working just fine, if you use ssh -I /lib/ But I need to be
>> able to add the eToken to the ssh-agent due to ForwardAgent-Option. In our
>> setup we use ssh-jumphosts from which you can connect to other hosts that are
>> isolated from the workstation's network.
>> Unfortunately ssh-add -s /lib/ does not work. After entering the
>> passphrase for PKCS#11, the operation fails with "Could not add card:
>> /lib/". Is there any option to get mores details from ssh-add? I
>> didn't find any debug mode I could turn on.
> No, because all of the action happens in ssh-agent. You can run ssh-agent
> in debugging mode though:
> $ ssh-agent -d
> SSH_AUTH_SOCK=/tmp/ssh-w2Q7ZYWsIZR5/agent.30154; export SSH_AUTH_SOCK;
> echo Agent pid 30154;
> $ env SSH_AUTH_SOCK=/tmp/ssh-w2Q7ZYWsIZR5/agent.30154 \
>    ssh-add -s /lib/
> -d

More information about the openssh-unix-dev mailing list