Yubico Forum :: View topic - [SOLVED] Yubikey Windows pin

Yubico Forum https://forum.yubico.com/

[SOLVED] Yubikey Windows pin_policy bypass for SSH with PIV https://forum.yubico.com/viewtopic.php?f=35&t=2651	Page 1 of 1

Author:

Walterdude [ Thu Jun 15, 2017 9:41 am ]

Post subject:

[SOLVED] Yubikey Windows pin_policy bypass for SSH with PIV

Hello,

I've configured my Yubikey 4 for Authenticating SSH with PIV and PKCS#11.
Everything works fine with cmder in bash mode and a modified version of pageant.

My problem is that my private key was generated with --pin-policy="once" option and despite that,
a windows 10 security prompt (see attached jpg) want my pin every time i'm trying to connect with ssh on my servers.
So i'm thinking that windows 10 has a pin-policy for smartcards that overrides the policy of my private key.

What do you think ? , does anyone have a solution please ?

All my apologies for the quality of my english, i'm just a french dev !!!

Attachments:

prompt.jpg [ 73.03 KiB | Viewed 1225 times ]

Author:	Walterdude [ Thu Jun 15, 2017 3:49 pm ]
Post subject:	Re: Yubikey Windows pin_policy bypass for SSH with PIV
It seems that : Smart Card's Registry Key are missing in RedStone2 version. Sow how to make it work again and respect piv pin policy ? HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SmartCardCredentialProvider HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CertProp https://docs.microsoft.com/en-us/window ... istry-keys

Author:	Walterdude [ Tue Jun 20, 2017 3:15 pm ]
Post subject:	Re: Yubikey Windows pin_policy bypass for SSH with PIV
Problem solved by this fork oh Putty CAC, named Putty CAC 0.69 https://github.com/NoMoreFood/putty-cac/releases

Page 1 of 1	All times are UTC + 1 hour
Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/