Mailing List Archive

[Bug 3234] SSH does not read pkcs11-based private key.
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

Inferno_geek <mishaad051@gmail.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |mishaad051@gmail.com

--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3234] SSH does not read pkcs11-based private key. [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |djm@mindrot.org

--- Comment #1 from Damien Miller <djm@mindrot.org> ---
Does "ssh-keygen -D /path/pkcs11.so" show the keys?

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3234] SSH does not read pkcs11-based private key. [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

Jakub Jelen <jjelen@redhat.com> changed:

What |Removed |Added
----------------------------------------------------------------------------
CC| |jjelen@redhat.com

--- Comment #2 from Jakub Jelen <jjelen@redhat.com> ---
The log says it has different amount of keys in OpenSSH 8.4. Can you
get the list of objects with the following command?

pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -O

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3234] SSH does not read pkcs11-based private key. [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

--- Comment #3 from Inferno_geek <mishaad051@gmail.com> ---
(In reply to Damien Miller from comment #1)
> Does "ssh-keygen -D /path/pkcs11.so" show the keys?

~/ssh8-2/bin/ssh-keygen -D ~/pkcs11-libs/librtpkcs11ecp.so | nc
termbin.com 9999
https://termbin.com/g3fo

ssh-keygen -D ~/pkcs11-libs/librtpkcs11ecp.so | nc termbin.com 9999
https://termbin.com/9avs

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3234] SSH does not read pkcs11-based private key. [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

--- Comment #4 from Inferno_geek <mishaad051@gmail.com> ---
(In reply to Jakub Jelen from comment #2)
> The log says it has different amount of keys in OpenSSH 8.4. Can you
> get the list of objects with the following command?
>
> pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -O

pkcs11-tool --module ~/pkcs11-libs/librtpkcs11ecp.so -O 2>&1 | nc
termbin.com 9999
https://termbin.com/pvsa

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3234] SSH does not read pkcs11-based private key. [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

--- Comment #5 from Damien Miller <djm@mindrot.org> ---
Are you using IdentitiesOnly in your ~/.ssh/config? In fixing bug
#3141, ssh will no longer attempt all PKCS#11 keys when this option is
active.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3234] SSH does not read pkcs11-based private key. [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

--- Comment #6 from Inferno_geek <mishaad051@gmail.com> ---
(In reply to Damien Miller from comment #5)
> Are you using IdentitiesOnly in your ~/.ssh/config? In fixing bug
> #3141, ssh will no longer attempt all PKCS#11 keys when this option
> is active.

I removed the line and I was able to connect via key on token. Thank
you.

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs
[Bug 3234] SSH does not read pkcs11-based private key. [ In reply to ]
https://bugzilla.mindrot.org/show_bug.cgi?id=3234

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |WORKSFORME
Status|NEW |RESOLVED

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs