pinpad for ssh-agent - patch posted

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



Hi,

I just wanted to bring attention to an earlier post:

https://lists.mindrot.org/pipermail/openssh-unix-dev/2021-January/039031.html

This does work on Ubuntu Hirsute - openssh 8.4p1 with IsoApplet + OpenSC

The effect is that

$ ssh-add -s pkcs11-opensc.so

Prompts for the PIN# from the terminal, then again immediately from the pinpad (Dell smartcard keyboard, the light indicates PIN entry mode).

Perhaps it should only reqire one PIN entry, from the pinpad only.

After this, ssh agent works, allowing logins without password or PIN prompts, including forwarded agent connections, ie ssh -A host1 ; ssh host2

It would be nice to have another mode, where PIN is not cached, and each agent signing operation required PIN to be entered on pinpad, perhaps with a prompt somewhere stating what is being singed, e.g. "ssh login to host2".

Regardless of any present shortcomings, the patch does allow use of pinpad with ssh; without the patch, the pinpad must be disabled by OpenSC configuration.

Regards,

Jeremy Jackson
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux