Hi list, I have no idea if Damien Miller had the time to work on that. I have an initial patch to authenticate using PKCS#11 and ECDSA keys. This requires OpenSSL 1.0.2, prior OpenSSL versions do not expose the required interfaces to override the signature function pointer for ECDSA. The only limitation is that the OpenSSL API misses some cleanup function (finish, for instance), hence I have yet to find a way to properly free the PKCS#11 resources. Is this a contribution you might be interested in ? Cheers, Thomas Calderon _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev