But would the *server* be able to use the keys on a PKCS#11 device (that does not let the private keys out)? Client does it fine, I know. Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network. Original Message From: Alon Bar-Lev Sent: Tuesday, December 13, 2016 14:54 To: Kenny Simpson Cc: openssh-unix-dev@xxxxxxxxxxx Subject: Re: pkcs #11/hardware support for server keys/sshd? On 13 December 2016 at 21:31, Kenny Simpson <theonetruekenny@xxxxxxxxx> wrote: > I see support for client (ssh/ssh_config), but not server (sshd/sshd_config). ok, sorry, I did not understand the question. Have you looked into HostKeyAgent at sshd_config? I've never tried this, but should work if you load PKCS#11 keys into the agent. > > -Kenny > > > On Tue, Dec 13, 2016 at 2:29 PM, Alon Bar-Lev <alon.barlev@xxxxxxxxx> wrote: >> On 13 December 2016 at 21:00, Kenny Simpson <theonetruekenny@xxxxxxxxx> wrote: >>> Hello, >>> Is there any support (existing or planned) for host keys/certs being >>> managed by some hardware device (tpm,hsm,etc..) instead of a flat >>> file? >> >> man ssh >> search for PKCS#11 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
