Re: [FC8] ssh and CAC card???


 



You're encountering issues with ssh-add when attempting to add the smart card for SSH authentication.

Here are some steps that might help troubleshoot and potentially resolve this issue:

1. Verify if NSS Support is Properly Enabled
The changelog mentions "experimental NSS key support," so ensure that the version of OpenSSH you're using was built with the necessary libraries for NSS and smart card support.

To check whether your system has the required libraries installed:

Make sure that nss-pkcs11 is installed. You can check this by running:

    rpm -qa | grep nss-pkcs11

If it's not installed, you may need to install it via:

    yum install nss-pkcs11

2. Check Smart Card Reader Setup
Ensure that your CAC reader is correctly recognized by the system:

Use the pcsc_scan utility to verify that your smart card reader is being detected:

    yum install pcsc-tools
    pcsc_scan

This command will show whether your reader and card are being recognized.

3. Smart Card Daemon (pcscd)
Make sure the PCSC daemon is running, which handles communication between the smart card reader and the system:

Start the daemon:

    service pcscd start

Check its status:

    service pcscd status

4. Using ssh-add with Smart Cards
The ssh-add -s command is used to add a smart card or token to the SSH agent. In your case, the errors you're receiving (SSH_AGENT_FAILURE) could be due to a couple of reasons:

Ensure that the smart card has a compatible key (e.g., RSA) that can be used with OpenSSH.
Verify if the SSH agent is running by typing:

    eval "$(ssh-agent)"

After ensuring the agent is running, try adding the card again:

    ssh-add -s /usr/lib/opensc-pkcs11.so

This assumes OpenSC is installed and the PKCS#11 module path is correct.

5. Inspecting Logs
Check system logs for any relevant messages when attempting to use the CAC for SSH:

Look at the system logs:

    tail -f /var/log/messages

or journal logs:

    journalctl -f

This should provide clues if there’s a specific error with the smart card setup or NSS key support.

6. OpenSC Setup
If the system isn’t using NSS directly but instead OpenSC (another common smart card library), ensure that OpenSC is installed and configured properly:

Install OpenSC if it's not already:

    yum install opensc

Check the OpenSC PKCS#11 module:

    opensc-tool -l

If ssh-add -s still fails, it might be necessary to read through the source code or check for updates to OpenSSH and its dependencies to see if full support was integrated into later versions.

7. Try Updating the System
Fedora 8 is quite old, and some experimental features might not have been fully supported or stable at the time. If possible, consider upgrading to a more recent version of Fedora or another distribution where smart card support in OpenSSH is more mature.

Additional References
Fedora Smart Card Setup Documentation
OpenSC Documentation
If these steps do not resolve the issue, reading the source code might indeed be necessary, especially since the functionality is marked as "experimental." However, confirming that all necessary components (NSS, OpenSC, etc.) are installed and correctly set up should be the first approach. or buy a good memory like HPE P19044-H21 https://serverorbit.com/pc-and-server-memory/pc4-23400
-- 
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
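
The checks from steps 3, 4 and 6 of the message above, gathered into one pre-flight script to run before ssh-add -s. This is an added example, not part of the original post; the function names are hypothetical, and the availability of od and pgrep is an assumption.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks to run
# before `ssh-add -s <module>`. Function names are hypothetical.

# PKCS#11 module must be readable and start with the ELF magic bytes.
check_module() {
    [ -r "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    [ "$magic" = "7f454c46" ]
}

# ssh-add talks to the agent over the socket named in SSH_AUTH_SOCK.
check_agent() {
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "${SSH_AUTH_SOCK}" ]
}

# pcscd brokers access to the reader; pgrep is assumed to be available.
check_pcscd() {
    pgrep -x pcscd >/dev/null 2>&1
}

# Print one line per failed check; return the number of failures.
preflight() {
    fails=0
    check_module "$1" || { echo "FAIL: no readable ELF module at $1"; fails=$((fails + 1)); }
    check_agent || { echo "FAIL: SSH_AUTH_SOCK unset or not a socket"; fails=$((fails + 1)); }
    check_pcscd || { echo "FAIL: pcscd not running (or pgrep missing)"; fails=$((fails + 1)); }
    return "$fails"
}

# Run only when a module path is given, e.g.:
#   sh preflight.sh /usr/lib/opensc-pkcs11.so
if [ $# -gt 0 ]; then
    preflight "$1"
fi
```

A non-zero exit status is the number of failed checks, so the script can gate the ssh-add -s call in a login or wrapper script.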


