Yubico Forum https://forum.yubico.com/

SSH client using Yubikey NEO in Ubuntu 16.04 https://forum.yubico.com/viewtopic.php?f=26&t=2376
Author: havard [ Wed Jul 27, 2016 11:06 pm ]
Post subject: SSH client using Yubikey NEO in Ubuntu 16.04
Hi there,

I am following the guide at https://developers.yubico.com/yubico-piv-tool/SSH_with_PIV_and_PKCS11.html. Ubuntu 16.04 stable was up to date 2016-07-27. I have keys and self-signed certs in all slots.

Step 5:

Code:
ssh-keygen -D $OPENSC_LIBS/opensc-pkcs11.so -e
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

This command seems to generate public ssh-keys for all slots. OK.

Step 6:

Code:
OPENSC_LIBS="/usr/lib/x86_64-linux-gnu"
ssh -I $OPENSC_LIBS/opensc-pkcs11.so user@host
no such identity: /home/a/.ssh/id_rsa: No such file or directory
no such identity: /home/a/.ssh/id_dsa: No such file or directory
no such identity: /home/a/.ssh/id_ecdsa: No such file or directory
no such identity: /home/a/.ssh/id_ed25519: No such file or directory
Password:

This command does not trigger any query for a PIN.

I am also missing a place to specify the slot number. Is anyone able to help?
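One check that fits the symptom in the post above, where ssh falls through to `Password:` without asking for a PIN, is whether any of the public keys exported in Step 5 is listed in the target account's `authorized_keys` on the server. The script below is an added example, not code from this thread or from the Yubico guide; the function names and the two input file names are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: report which public keys exported from
# the token (ssh-keygen -D <provider> -e) appear in an authorized_keys file.

# Print the base64 key blob from each public-key line on stdin. Skips
# comments and tolerates a leading options field (assumes no option value
# itself starts with a key-type word such as "ssh-rsa").
key_blobs() {
    awk '
        /^[ \t]*(#|$)/ { next }
        {
            for (i = 1; i < NF; i++)
                if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-)/) {
                    print $(i + 1); break
                }
        }'
}

# match_token_keys TOKEN_PUBKEYS AUTHORIZED_KEYS
# Prints one line per exported key, numbered by its position in the export.
# Returns 0 if at least one exported key is authorized, 1 otherwise.
match_token_keys() {
    auth_blobs=$(key_blobs < "$2")
    n=0
    found=1
    for blob in $(key_blobs < "$1"); do
        n=$((n + 1))
        if printf '%s\n' "$auth_blobs" | grep -qxF -- "$blob"; then
            echo "key $n: authorized"
            found=0
        else
            echo "key $n: not authorized"
        fi
    done
    return "$found"
}

# Usage (file names are assumptions):
#   sh match_token_keys.sh token_keys.pub authorized_keys
if [ "$#" -eq 2 ]; then
    match_token_keys "$1" "$2"
fi
```

Save the Step 5 output to a file and run the script against a copy of the server-side `authorized_keys`; the key number is only the line position in the export.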
Author: SecureDude [ Fri Jul 29, 2016 8:39 pm ]
Post subject: Re: SSH client using Yubikey NEO in Ubuntu 16.04
I went through the same issue, also on Ubuntu 1604. I took a different approach. I didn't try to use pkcs11. I went with gpg-agent.

In reality, gpg-agent works very well and is not hard to set up. There was only one major problem: Ubuntu 1604 comes with GPG 2.1.11, and the gpg-agent that comes with that is not compatible with ssh at this time. If you use it and do ssh-add -L you will get "protocol error 2". I finally figured out that I needed a different version of GPG. I installed GPG 2.0, and then things worked as expected.

It does definitely work. I can post a lot more details if needed. If it hadn't been for the GPG 2.1 issue, it would have taken me only about an hour from start to finish.

I will document some more about how I set this up on the Windows side and using it with mounting an SFTP server in a Windows client (ExpanDrive).

My next problem is setting all this up for IMAP somehow. Hopefully I don't need to use OTP, but maybe I have to.
All times are UTC + 1 hour