Yubico Forum

All times are UTC + 1 hour
Posted: Sat Apr 02, 2016 1:07 am
Hi

I've set up an SSH key to be accessed from PKCS#11 according to this guide:
https://developers.yubico.com/yubico-piv-tool/SSH_with_PIV_and_PKCS11.html

I can not connect when specifying PKCS#11 as source for SSH
Code:
ssh -I $OPENSC_LIB user@remote.example.com

I've also verified that it does not work when my Yubikey is not inserted into the USB slot.

When I try to add the key to the SSH Agent then I get the following interaction
Code:
ssh-add -s $OPENSC_LIB
Enter passphrase for PKCS#11:
Could not add card "/usr/local/Cellar/opensc/0.16.0-pre1/lib/pkcs11/opensc-pkcs11.so": agent refused operation


Any hints as to why neither ssh-add nor ssh works according to the guide? Am I using the correct driver?

OS: Mac OS El Capitan
Yubikey PAM enabled for: Login, Screensaver, Sudo
OpenSC: 0.16.0-pre1


Posted: Mon Jul 25, 2016 5:17 am
Same problem using Ubuntu 16.04. I added the PPA for Yubico, installed all the Yubico software I could find in it, and set up Ubuntu using the recommended script found

https://github.com/dainnilsson/scripts/ ... all/gpg.sh

Same issue. I found this somewhat helpful

https://wikitech.wikimedia.org/wiki/Yubikey-SSH

I created a .ssh/config as recommended, so at least now I can just $ssh host, enter pin, and complete a connection. But if I do

ssh-add -s /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so

It asks

Enter passphrase for PKCS#11

Entering my pin, puk, key, changeme.. nothing works. So I guess I live with ssh host, pin.


Posted: Thu Jul 28, 2016 9:04 am
Site Admin
Hey,

Follow the notes and try to use brew SSH, and explicitly use those binaries, not the default ssh.

Alternatively, try using YKCS11 https://developers.yubico.com/yubico-pi ... notes.html


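A pre-flight check for the advice in the reply above, added here as an example and not part of the thread or of the linked guide: it confirms that ssh, ssh-add, ssh-agent and ssh-keygen all resolve to one directory on PATH and that the PKCS#11 provider library is readable before asking ssh-keygen to list the token's keys. The function names and the same-directory heuristic are assumptions made for this example.

```shell
#!/bin/sh
# Added example: pre-flight check before using a PKCS#11 provider with OpenSSH.
# Function names and the "same directory" heuristic are assumptions.

# Print the directory that holds a command found on PATH (symlinks unresolved).
tool_dir() {
    p=$(command -v "$1" 2>/dev/null) || return 1
    printf '%s\n' "${p%/*}"
}

# Return 0 when every listed tool is found in the same directory, i.e. the
# tools come from one OpenSSH installation; 1 when mixed; 2 when one is missing.
same_install() {
    first=""
    for t in "$@"; do
        d=$(tool_dir "$t") || { echo "missing: $t" >&2; return 2; }
        [ -z "$first" ] && first=$d
        [ "$d" = "$first" ] || { echo "mixed: $t is in $d, expected $first" >&2; return 1; }
    done
    return 0
}

# Return 0 when the provider library path is a readable regular file.
provider_ok() {
    [ -n "$1" ] && [ -f "$1" ] && [ -r "$1" ]
}

preflight() {
    lib=$1
    provider_ok "$lib" || { echo "provider not readable: $lib" >&2; return 3; }
    same_install ssh ssh-add ssh-agent ssh-keygen || return $?
    ssh -V
    # ssh-add talks to whichever agent owns this socket, which may have been
    # started from a different installation than the ssh-add on PATH.
    echo "agent socket: ${SSH_AUTH_SOCK:-<unset>}"
    # List the public keys the token exposes through this provider.
    ssh-keygen -D "$lib"
}

# Run only when a provider path is given, e.g.: sh preflight.sh "$OPENSC_LIB"
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```
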