Bug#493029: closed by Colin Watson <cjwatson@debian.org> (Bug#231472: fixed in openssh 1:5.4p1-1)
clone 493029 -1
retitle 493029 please provide a second openssh-client package
# re-closing, see original close message
close 493029 openssh/1:5.4p1-1
thanks
On Thu, Apr 08, 2010 at 11:31:28AM +0200, Patrick Winnertz wrote:
> reopen 493029
> retitle 493029 pkcs#11 not working correctly
> severity 493029 normal
> thanks
Reopening a bug with seven merged bugs is going to get very confusing
very quickly, so let's not do that. I've cloned off a new bug instead,
and am re-closing the original.
> thanks for your efforts on openssh. However it would be very nice if you could
> add some documentation how to use the new pkcs#11 feature of openssh... as
> simply doing a ssh-add -s 0 doesn't work anymore... although according to
> pkcs11-tool my card is in the 0 slot....
Note that I didn't develop this feature and I don't have any smartcard
hardware myself.
> As I've not figured out how this should work after several hours of digging in
> the net, I'm reopening the bug again, change title and severity as it is now a
> bug in a package and no longer a wishlist bug.
>
> This is the output of ssh-add -s 0:
> Enter passphrase for PKCS#11:
> SSH_AGENT_FAILURE
> Could not add card: 0
>
> Hope to get some more detailed instructions soon.
Is there anything interesting in /var/log/auth.log?
Firstly, if you've just upgraded but haven't logged back out and in
again yet, then you may have an old version of ssh-agent running. In
that case you'll see something like this:
  Apr 9 10:54:33 sarantium ssh-agent[2948]: error: Unknown message 20
Secondly, you might see something like this:
  Apr 9 10:57:03 sarantium ssh-pkcs11-helper[5995]: error: dlopen 0 failed: 0: cannot open shared object file: No such file or directory
That's because '-s 0' is no longer the correct syntax. The ssh-add(1)
manual page says:
  -e pkcs11
          Remove keys provided by the PKCS#11 shared library pkcs11.
... and '0' is clearly not a shared library. Based on
http://www.opensc-project.org/opensc/wiki/OpenSSH (you may have to use
Google's cache; the primary site seemed to be down when I tried), I
think the correct syntax would be:
  ssh-add -s /usr/lib/opensc-pkcs11.so
When I do this, I get:
  Apr 9 11:08:02 sarantium ssh-pkcs11-helper[6477]: error: no slots
... but of course I have no smartcard hardware as mentioned above.
Still, does this get you any further?
--
Colin Watson [cjwatson@debian.org]
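
Added example, not part of the original message or of OpenSSH: a shell sketch that sorts the auth.log errors quoted above into their likely causes. The function names, labels and advice strings are this example's own assumptions; the first three sample lines are the ones quoted in the message and the fourth is constructed.

```sh
# Added example: map ssh-agent / ssh-pkcs11-helper errors in auth.log to a cause.
# diagnose_line LINE: print stale-agent, legacy-slot-arg, missing-module,
# no-token or other (labels are this example's own).
diagnose_line() {
    case "$1" in
        *"ssh-agent["*"error: Unknown message 20"*)
            echo stale-agent ;;
        *"ssh-pkcs11-helper["*"error: dlopen "*" failed:"*)
            # Recover the value ssh-add -s handed to dlopen().
            arg=${1#*"error: dlopen "}
            arg=${arg%%" failed:"*}
            case "$arg" in
                ''|*[!0-9]*) echo missing-module ;;   # a path that did not load
                *)           echo legacy-slot-arg ;;  # all digits: old slot syntax
            esac ;;
        *"ssh-pkcs11-helper["*"error: no slots"*)
            echo no-token ;;
        *) echo other ;;
    esac
}

advice() {
    case "$1" in
        stale-agent)     echo "ssh-agent predates the upgrade; log out and back in" ;;
        legacy-slot-arg) echo "-s got a slot number; pass the PKCS#11 library path" ;;
        missing-module)  echo "library path could not be opened; check the path" ;;
        no-token)        echo "library loaded but found no slots; check reader/card" ;;
    esac
}

# triage_log: read log lines on stdin, print one diagnosis per relevant line.
triage_log() {
    while IFS= read -r line; do
        d=$(diagnose_line "$line")
        [ "$d" = other ] || printf '%s: %s\n' "$d" "$(advice "$d")"
    done
}

# Sample input: first three lines are from the message, the last is constructed.
sample_log() {
    cat <<'EOF'
Apr 9 10:54:33 sarantium ssh-agent[2948]: error: Unknown message 20
Apr 9 10:57:03 sarantium ssh-pkcs11-helper[5995]: error: dlopen 0 failed: 0: cannot open shared object file: No such file or directory
Apr 9 11:08:02 sarantium ssh-pkcs11-helper[6477]: error: no slots
Apr 9 11:10:00 sarantium ssh-pkcs11-helper[6500]: error: dlopen /usr/lib/example-missing.so failed: /usr/lib/example-missing.so: cannot open shared object file: No such file or directory
EOF
}
sample_log | triage_log
```

On a real system the same function can be fed with `grep -E 'ssh-agent|ssh-pkcs11-helper' /var/log/auth.log | triage_log`.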