Guys, I am not able to get it run. I can not say where is the problem but it seams that the openssh client is not able to get list of rsa key from token. See two logs from pkcs11-spy. one is for "ssh -I" the second is for "pkcs11-tool -O" In the second log there is private_key visible or offered in the first one is not. I use openssh 6.4 version on Linux or Mac. Log from ssh -I 0: C_GetFunctionList 2014-01-28 03:26:42.350 Returned: 0 CKR_OK 1: C_Initialize 2014-01-28 03:26:42.351 [in] pInitArgs = (nil) Returned: 0 CKR_OK 2: C_GetInfo 2014-01-28 03:26:42.352 [out] pInfo: cryptokiVersion: 2.20 manufacturerID: 'SafeNet, Inc. ' flags: 0 libraryDescription: 'SafeNet eToken PKCS#11 ' libraryVersion: 8.3 Returned: 0 CKR_OK 3: C_GetSlotList 2014-01-28 03:26:42.352 [in] tokenPresent = 0x1 [out] pSlotList: Count is 1 [out] *pulCount = 0x1 Returned: 0 CKR_OK 4: C_GetSlotList 2014-01-28 03:26:42.352 [in] tokenPresent = 0x1 [out] pSlotList: Slot 0 [out] *pulCount = 0x1 Returned: 0 CKR_OK 5: C_GetTokenInfo 2014-01-28 03:26:42.352 [in] slotID = 0x0 [out] pInfo: label: 'mToken2 ' manufacturerID: 'SafeNet, Inc. ' model: 'eToken ' serialNumber: '01db04cc ' ulMaxSessionCount: 0 ulSessionCount: 0 ulMaxRwSessionCount: 0 ulRwSessionCount: 0 ulMaxPinLen: 0 ulMinPinLen: 0 ulTotalPublicMemory: 73728 ulFreePublicMemory: 54312 ulTotalPrivateMemory: 73728 ulFreePrivateMemory: 54312 hardwareVersion: 8.0 firmwareVersion: 1.0 time: ' ' flags: 601 CKF_RNG CKF_DUAL_CRYPTO_OPERATIONS CKF_TOKEN_INITIALIZED Returned: 0 CKR_OK 6: C_OpenSession 2014-01-28 03:26:42.353 [in] slotID = 0x0 [in] flags = 0x6 pApplication=(nil) Notify=(nil) [out] *phSession = 0x3c60002 Returned: 0 CKR_OK 7: C_FindObjectsInit 2014-01-28 03:26:42.353 [in] hSession = 0x3c60002 [in] pTemplate[1]: CKA_CLASS CKO_PUBLIC_KEY Returned: 0 CKR_OK 8: C_FindObjects 2014-01-28 03:26:42.353 [in] hSession = 0x3c60002 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x1 Object 0x8690003 matches Returned: 0 CKR_OK 9: C_GetAttributeValue 2014-01-28 03:26:42.353 [in] hSession = 0x3c60002 [in] hObject = 0x8690003 [in] pTemplate[3]: CKA_ID 0000000000000000 / 0 CKA_MODULUS 0000000000000000 / 0 CKA_PUBLIC_EXPONENT 0000000000000000 / 0 [out] pTemplate[3]: CKA_ID 0000000000000000 / 0 CKA_MODULUS 0000000000000000 / 256 CKA_PUBLIC_EXPONENT 0000000000000000 / 3 Returned: 0 CKR_OK 10: C_FindObjects 2014-01-28 03:26:42.354 [in] hSession = 0x3c60002 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x0 Returned: 0 CKR_OK 11: C_FindObjectsFinal 2014-01-28 03:26:42.354 [in] hSession = 0x3c60002 Returned: 0 CKR_OK 12: C_Finalize 2014-01-28 03:26:42.354 Returned: 0 CKR_OK Log from pkcs11-tool --module=/usr/lib/x86_64-linux-gnu/pkcs11-spy.so - *************** OpenSC PKCS#11 spy ***************** Loaded: "/usr/lib/libeTPkcs11.so" 0: C_GetFunctionList 2014-01-28 04:00:43.576 Returned: 0 CKR_OK 1: C_Initialize 2014-01-28 04:00:43.576 [in] pInitArgs = (nil) Returned: 0 CKR_OK 2: C_GetSlotList 2014-01-28 04:00:43.577 [in] tokenPresent = 0x0 [out] pSlotList: Count is 6 [out] *pulCount = 0x6 Returned: 0 CKR_OK 3: C_GetSlotList 2014-01-28 04:00:43.577 [in] tokenPresent = 0x0 [out] pSlotList: Slot 0 Slot 1 Slot 2 Slot 3 Slot 4 Slot 5 [out] *pulCount = 0x6 Returned: 0 CKR_OK 4: C_GetSlotInfo 2014-01-28 04:00:43.577 [in] slotID = 0x0 [out] pInfo: slotDescription: 'AKS ifdh [Main Interface] 00 00 ' ' ' manufacturerID: 'SafeNet, Inc. ' hardwareVersion: 1.0 firmwareVersion: 0.0 flags: 7 CKF_TOKEN_PRESENT CKF_REMOVABLE_DEVICE CKF_HW_SLOT Returned: 0 CKR_OK 5: C_OpenSession 2014-01-28 04:00:43.578 [in] slotID = 0x0 [in] flags = 0x4 pApplication=(nil) Notify=(nil) [out] *phSession = 0x5670001 Returned: 0 CKR_OK 6: C_FindObjectsInit 2014-01-28 04:00:43.578 [in] hSession = 0x5670001 [in] pTemplate[0]: Returned: 0 CKR_OK 7: C_FindObjects 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x1 Object 0x3c60002 matches Returned: 0 CKR_OK 8: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_CLASS 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_CLASS CKO_PRIVATE_KEY Returned: 0 CKR_OK 9: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_KEY_TYPE 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_KEY_TYPE CKK_RSA Returned: 0 CKR_OK 10: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_CLASS 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_CLASS CKO_PRIVATE_KEY Returned: 0 CKR_OK 11: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_LABEL 0000000000000000 / 0 [out] pTemplate[1]: CKA_LABEL 0000000000000000 / 0 Returned: 0 CKR_OK 12: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_LABEL 0000000000bb14b0 / 0 [out] pTemplate[1]: CKA_LABEL 0000000000bb14b0 / 0 Returned: 0 CKR_OK 13: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_ID 0000000000000000 / 0 [out] pTemplate[1]: CKA_ID 0000000000000000 / 0 Returned: 0 CKR_OK 14: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_ID 0000000000bb14b0 / 0 [out] pTemplate[1]: CKA_ID 0000000000bb14b0 / 0 Returned: 0 CKR_OK 15: C_GetAttributeValue 2014-01-28 04:00:43.579 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_DECRYPT 00007fff3bd35a5f / 1 [out] pTemplate[1]: CKA_DECRYPT True Returned: 0 CKR_OK 16: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_SIGN 00007fff3bd35a5f / 1 [out] pTemplate[1]: CKA_SIGN True Returned: 0 CKR_OK 17: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_? (0x80000001) 00007fff3bd35ab7 / 1 [out] pTemplate[1]: CKA_? (0x80000001) 00007fff3bd35ab7 / 8 Returned: 0 CKR_OK 18: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_UNWRAP 00007fff3bd35a5f / 1 [out] pTemplate[1]: CKA_UNWRAP True Returned: 0 CKR_OK 19: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_DERIVE 00007fff3bd35ab7 / 1 [out] pTemplate[1]: CKA_DERIVE False Returned: 0 CKR_OK 20: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x3c60002 [in] pTemplate[1]: CKA_ALWAYS_AUTHENTICATE 00007fff3bd35a5f / 1 [out] pTemplate[1]: CKA_ALWAYS_AUTHENTICATE False Returned: 0 CKR_OK 21: C_FindObjects 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x1 Object 0x8690003 matches Returned: 0 CKR_OK 22: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_CLASS 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_CLASS CKO_PUBLIC_KEY Returned: 0 CKR_OK 23: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_KEY_TYPE 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_KEY_TYPE CKK_RSA Returned: 0 CKR_OK 24: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_CLASS 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_CLASS CKO_PUBLIC_KEY Returned: 0 CKR_OK 25: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_MODULUS_BITS 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_MODULUS_BITS 00007fff3bd35a58 / 8 00000000 00 08 00 00 00 00 00 00 ........ Returned: 0 CKR_OK 26: C_GetAttributeValue 2014-01-28 04:00:43.580 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_LABEL 0000000000000000 / 0 [out] pTemplate[1]: CKA_LABEL 0000000000000000 / 0 Returned: 0 CKR_OK 27: C_GetAttributeValue 2014-01-28 04:00:43.581 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_LABEL 0000000000bb14d0 / 0 [out] pTemplate[1]: CKA_LABEL 0000000000bb14d0 / 0 Returned: 0 CKR_OK 28: C_GetAttributeValue 2014-01-28 04:00:43.581 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_ID 0000000000000000 / 0 [out] pTemplate[1]: CKA_ID 0000000000000000 / 0 Returned: 0 CKR_OK 29: C_GetAttributeValue 2014-01-28 04:00:43.581 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_ID 0000000000bb14d0 / 0 [out] pTemplate[1]: CKA_ID 0000000000bb14d0 / 0 Returned: 0 CKR_OK 30: C_GetAttributeValue 2014-01-28 04:00:43.581 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_ENCRYPT 00007fff3bd35ab7 / 1 [out] pTemplate[1]: CKA_ENCRYPT True Returned: 0 CKR_OK 31: C_GetAttributeValue 2014-01-28 04:00:43.581 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_VERIFY 00007fff3bd35ab7 / 1 [out] pTemplate[1]: CKA_VERIFY True Returned: 0 CKR_OK 32: C_GetAttributeValue 2014-01-28 04:00:43.581 [in] hSession = 0x5670001 [in] hObject = 0x8690003 [in] pTemplate[1]: CKA_WRAP 00007fff3bd35ab7 / 1 [out] pTemplate[1]: CKA_WRAP True Returned: 0 CKR_OK 33: C_FindObjects 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x1 Object 0x8730004 matches Returned: 0 CKR_OK 34: C_GetAttributeValue 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] hObject = 0x8730004 [in] pTemplate[1]: CKA_CLASS 00007fff3bd35a58 / 8 [out] pTemplate[1]: CKA_CLASS CKO_CERTIFICATE Returned: 0 CKR_OK 35: C_GetAttributeValue 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] hObject = 0x8730004 [in] pTemplate[1]: CKA_CERTIFICATE_TYPE 00007fff3bd35ab8 / 8 [out] pTemplate[1]: CKA_CERTIFICATE_TYPE CKC_X_509 Returned: 0 CKR_OK 36: C_GetAttributeValue 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] hObject = 0x8730004 [in] pTemplate[1]: CKA_LABEL 0000000000000000 / 0 [out] pTemplate[1]: CKA_LABEL 0000000000000000 / 0 Returned: 0 CKR_OK 37: C_GetAttributeValue 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] hObject = 0x8730004 [in] pTemplate[1]: CKA_LABEL 0000000000bb14f0 / 0 [out] pTemplate[1]: CKA_LABEL 0000000000bb14f0 / 0 Returned: 0 CKR_OK 38: C_GetAttributeValue 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] hObject = 0x8730004 [in] pTemplate[1]: CKA_ID 0000000000000000 / 0 [out] pTemplate[1]: CKA_ID 0000000000000000 / 0 Returned: 0 CKR_OK 39: C_GetAttributeValue 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] hObject = 0x8730004 [in] pTemplate[1]: CKA_ID 0000000000bb14f0 / 0 [out] pTemplate[1]: CKA_ID 0000000000bb14f0 / 0 Returned: 0 CKR_OK 40: C_FindObjects 2014-01-28 04:00:43.582 [in] hSession = 0x5670001 [in] ulMaxObjectCount = 0x1 [out] ulObjectCount = 0x0 Returned: 0 CKR_OK 41: C_FindObjectsFinal 2014-01-28 04:00:43.583 [in] hSession = 0x5670001 Returned: 0 CKR_OK 42: C_CloseSession 2014-01-28 04:00:43.583 [in] hSession = 0x5670001 Returned: 0 CKR_OK 43: C_Finalize 2014-01-28 04:00:43.583 Returned: 0 CKR_OK log from ssh OpenSSH_6.4, OpenSSL 1.0.1e 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 19: Applying options for * debug1: Connecting to 192.1.1.1 [192.1.1.1] port 22. debug1: Connection established. debug1: permanently_set_uid: 0/0 debug1: manufacturerID <SafeNet, Inc.> cryptokiVersion 2.20 libraryDescription <SafeNet eToken PKCS#11> libraryVersion 8.3 debug1: label <mToken2> manufacturerID <SafeNet, Inc.> model <eToken> serial <01db04cc> flags 0x601 no keys _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev