Bug#493029: closed by Colin Watson <cjwatson@debian.org> (Bug#231472: fixed in openssh 1:5.4p1-1)
Am Freitag 09 April 2010 12:09:08 schrieben Sie:
> clone 493029 -1
> retitle 493029 please provide a second openssh-client package
> # re-closing, see original close message
> close 493029 openssh/1:5.4p1-1
> thanks
>
> On Thu, Apr 08, 2010 at 11:31:28AM +0200, Patrick Winnertz wrote:
> > reopen 493029
> > retitle 493029 pkcs#11 not working correctly
> > severity 493029 normal
> > thanks
>
> Reopening a bug with seven merged bugs is going to get very confusing
> very quickly, so let's not do that. I've cloned off a new bug instead,
> and am re-closing the original.
>
> > thanks for your efforts on openssh. However it would be very nice if you
> > could add some documentation how to use the new pkcs#11 feature of
> > openssh... as simply doing a ssh-add -s 0 doesn't work anymore...
> > although according to pkcs11-tool my card is in the 0 slot....
>
> Note that I didn't develop this feature and I don't have any smartcard
> hardware myself.
>
> > As I've not figured out how this should work after several hours of
> > digging in the net, I'm reopening the bug again, change title and
> > severity as it now a bug in a package and not longer a whislist bug.
> >
> > This is the output of ssh-add -s 0:
> > Enter passphrase for PKCS#11:
> > SSH_AGENT_FAILURE
> > Could not add card: 0
> >
> > Hope to get some more detailed instructions soon.
>
> Is there anything interesting in /var/log/auth.log?
>
> Firstly, if you've just upgraded but haven't logged back out and in
> again yet, then you may have an old version of ssh-agent running. In
> that case you'll see something like this:
>
> Apr 9 10:54:33 sarantium ssh-agent[2948]: error: Unknown message 20
>
> Secondly, you might see something like this:
>
> Apr 9 10:57:03 sarantium ssh-pkcs11-helper[5995]: error: dlopen 0
> failed: 0: cannot open shared object file: No such file or directory
>
> That's because '-s 0' is no longer the correct syntax. The ssh-add(1)
> manual page says:
>
> -e pkcs11
> Remove keys provided by the PKCS#11 shared library pkcs11.
>
> ... and '0' is clearly not a shared library. Based on
> http://www.opensc-project.org/opensc/wiki/OpenSSH (you may have to use
> Google's cache; the primary site seemed to be down when I tried), I
> think the correct syntax would be:
>
> ssh-add -s /usr/lib/opensc-pkcs11.so
>
> When I do this, I get:
>
> Apr 9 11:08:02 sarantium ssh-pkcs11-helper[6477]: error: no slots
>
> ... but of course I have no smartcard hardware as mentioned above.
> Still, does this get you any further?
Yepp, I've figured it out several hours later that the option to ssh-add stayed
the same, but the argument it needs has changed... that's in my eyes not the
best way to be honest.
At least a warning message: please read manpage, the argument to -s has
changed!
would be appropriate.
Greetings
Winnie
Reply to: