Yubico Forum

Posted: Wed Jul 27, 2016 11:06 pm
Hi There

I am following the guide at https://developers.yubico.com/yubico-piv-tool/SSH_with_PIV_and_PKCS11.html.

Ubuntu 16.04 stable was up to date 2016-07-27. I have keys and self-signed certs in all slots.

Step 5:
Code:
ssh-keygen -D $OPENSC_LIBS/opensc-pkcs11.so -e

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

This command seems to generate public ssh-keys for all slots. OK.

Step 6:
Code:
OPENSC_LIBS="/usr/lib/x86_64-linux-gnu"
ssh -I $OPENSC_LIBS/opensc-pkcs11.so user@host

no such identity: /home/a/.ssh/id_rsa: No such file or directory
no such identity: /home/a/.ssh/id_dsa: No such file or directory
no such identity: /home/a/.ssh/id_ecdsa: No such file or directory
no such identity: /home/a/.ssh/id_ed25519: No such file or directory
Password:

This command does not trigger any query for a PIN. I also miss a place to specify the slot number.

Is anyone able to help?
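
Step 5 in the post above prints several unlabeled public keys. As an added example (not part of the original posts or the Yubico guide), the hypothetical helper `match_token_keys` below checks which of those exported keys are listed in a copy of the target account's authorized_keys file; the thread does not establish that this is the cause of the password fallback. File names and key blobs in the demo are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread: report which public keys exported from
# the token (ssh-keygen -D ... -e) are listed in an authorized_keys file.
# Usage: match_token_keys EXPORTED_KEYS_FILE AUTHORIZED_KEYS_FILE
# Prints "<position> <key type> authorized|missing" per exported key and
# returns 0 only if at least one exported key is authorized.
match_token_keys() {
    awk -v auth="$2" '
        # Extract "type blob" from a key line, skipping leading
        # authorized_keys options and the trailing comment.
        function keyid(line,   f, n, i) {
            if (line ~ /^[ \t]*#/) return ""      # commented-out entry
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/)
                    return f[i] " " f[i + 1]
            return ""
        }
        BEGIN {
            while ((getline line < auth) > 0)
                if ((k = keyid(line)) != "") authorized[k] = 1
        }
        {
            if ((k = keyid($0)) == "") next
            split(k, part, " ")
            found = (k in authorized)
            hits += found
            print ++pos, part[1], (found ? "authorized" : "missing")
        }
        END { exit (hits > 0 ? 0 : 1) }
    ' "$1"
}

# Demo on constructed data (placeholder blobs, not real keys).
tmp=$(mktemp -d)
printf '%s\n' 'ssh-rsa AAAAkeyONE' 'ssh-rsa AAAAkeyTWO' > "$tmp/token.pub"
printf '%s\n' '# laptop key' 'no-pty ssh-rsa AAAAkeyTWO a@host' > "$tmp/authorized_keys"
match_token_keys "$tmp/token.pub" "$tmp/authorized_keys" \
    || echo "none of the exported keys is in authorized_keys"
rm -r "$tmp"
```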


Posted: Fri Jul 29, 2016 8:39 pm
I went through the same issue, also on Ubuntu 1604. I took a different approach. I didn't try to use pkcs11. I went with gpg-agent.

In reality, gpg-agent works very well and is not hard to set up.

There was only one major problem: Ubuntu 1604 comes with GPG 2.1.11, and the gpg-agent that comes with that is not compatible with ssh at this time. If you use it and do ssh-add -L it will get "protocol error 2". I finally figured out that I needed a different version of GPG. I installed GPG 2.0, and then things worked as expected.

It does definitely work. I can post a lot more details if needed. If it hadn't been for the GPG 2.1 issue, it would have taken me only about an hour from start to finish.

I will document some more about how I set this up on the Windows side and using it with mounting an SFTP server in a Windows client (ExpanDrive).

My next problem is setting all this up for IMAP somehow. Hopefully I don't need to use OTP, but maybe I have to.

