You're encountering issues with ssh-add when attempting to add the smart card for SSH authentication. Here are some steps that might help troubleshoot and potentially resolve this issue: 1. Verify if NSS Support is Properly Enabled The changelog mentions "experimental NSS key support," so ensure that the version of OpenSSH you're using was built with the necessary libraries for NSS and smart card support. To check whether your system has the required libraries installed: Make sure that nss-pkcs11 is installed. You can check this by running: perl Copy code rpm -qa | grep nss-pkcs11 If it's not installed, you may need to install it via: Copy code yum install nss-pkcs11 2. Check Smart Card Reader Setup Ensure that your CAC reader is correctly recognized by the system: Use the pcsc_scan utility to verify that your smart card reader is being detected: Copy code yum install pcsc-tools pcsc_scan This command will show whether your reader and card are being recognized. 3. Smart Card Daemon (pcscd) Make sure the PCSC daemon is running, which handles communication between the smart card reader and the system: Start the daemon: sql Copy code service pcscd start Check its status: lua Copy code service pcscd status 4. Using ssh-add with Smart Cards The ssh-add -s command is used to add a smart card or token to the SSH agent. In your case, the errors you're receiving (SSH_AGENT_FAILURE) could be due to a couple of reasons: Ensure that the smart card has a compatible key (e.g., RSA) that can be used with OpenSSH. Verify if the SSH agent is running by typing: bash Copy code eval "$(ssh-agent)" After ensuring the agent is running, try adding the card again: bash Copy code ssh-add -s /usr/lib/opensc-pkcs11.so This assumes OpenSC is installed and the PKCS#11 module path is correct. 5. Inspecting Logs Check system logs for any relevant messages when attempting to use the CAC for SSH: Look at the system logs: bash Copy code tail -f /var/log/messages or journal logs: Copy code journalctl -f This should provide clues if there’s a specific error with the smart card setup or NSS key support. 6. OpenSC Setup If the system isn’t using NSS directly but instead OpenSC (another common smart card library), ensure that OpenSC is installed and configured properly: Install OpenSC if it's not already: Copy code yum install opensc Check the OpenSC PKCS#11 module: Copy code opensc-tool -l If ssh-add -s still fails, it might be necessary to read through the source code or check for updates to OpenSSH and its dependencies to see if full support was integrated into later versions. 7. Try Updating the System Fedora 8 is quite old, and some experimental features might not have been fully supported or stable at the time. If possible, consider upgrading to a more recent version of Fedora or another distribution where smart card support in OpenSSH is more mature. Additional References Fedora Smart Card Setup Documentation OpenSC Documentation If these steps do not resolve the issue, reading the source code might indeed be necessary, especially since the functionality is marked as "experimental." However, confirming that all necessary components (NSS, OpenSC, etc.) are installed and correctly set up should be the first approach. or buy a good memory like HPE P19044-H21 https://serverorbit.com/pc-and-server-memory/pc4-23400 -- _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
