[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#493029: closed by Colin Watson <cjwatson@debian.org> (Bug#231472: fixed in openssh 1:5.4p1-1)

Am Freitag 09 April 2010 12:09:08 schrieben Sie:
> clone 493029 -1
> retitle 493029 please provide a second openssh-client package
> # re-closing, see original close message
> close 493029 openssh/1:5.4p1-1
> thanks
> 
> On Thu, Apr 08, 2010 at 11:31:28AM +0200, Patrick Winnertz wrote:
> > reopen 493029
> > retitle 493029 pkcs#11 not working correctly
> > severity 493029 normal
> > thanks
> 
> Reopening a bug with seven merged bugs is going to get very confusing
> very quickly, so let's not do that.  I've cloned off a new bug instead,
> and am re-closing the original.
> 
> > thanks for your efforts on openssh. However it would be very nice if you
> > could add some documentation how to use the new pkcs#11 feature of
> > openssh... as simply doing a ssh-add -s 0 doesn't work anymore...
> > although according to pkcs11-tool my card is in the 0 slot....
> 
> Note that I didn't develop this feature and I don't have any smartcard
> hardware myself.
> 
> > As I've not figured out how this should work after several hours of
> > digging in the net, I'm reopening the bug again, change title and
> > severity as it now a bug in a package and not longer a whislist bug.
> >
> > This is the output of ssh-add -s 0:
> > Enter passphrase for PKCS#11:
> > SSH_AGENT_FAILURE
> > Could not add card: 0
> >
> > Hope to get some more detailed instructions soon.
> 
> Is there anything interesting in /var/log/auth.log?
> 
> Firstly, if you've just upgraded but haven't logged back out and in
> again yet, then you may have an old version of ssh-agent running.  In
> that case you'll see something like this:
> 
>   Apr  9 10:54:33 sarantium ssh-agent[2948]: error: Unknown message 20
> 
> Secondly, you might see something like this:
> 
>   Apr  9 10:57:03 sarantium ssh-pkcs11-helper[5995]: error: dlopen 0
>  failed: 0: cannot open shared object file: No such file or directory
> 
> That's because '-s 0' is no longer the correct syntax.  The ssh-add(1)
> manual page says:
> 
>      -e pkcs11
>              Remove keys provided by the PKCS#11 shared library pkcs11.
> 
> ... and '0' is clearly not a shared library.  Based on
> http://www.opensc-project.org/opensc/wiki/OpenSSH (you may have to use
> Google's cache; the primary site seemed to be down when I tried), I
> think the correct syntax would be:
> 
>   ssh-add -s /usr/lib/opensc-pkcs11.so
> 
> When I do this, I get:
> 
>   Apr  9 11:08:02 sarantium ssh-pkcs11-helper[6477]: error: no slots
> 
> ... but of course I have no smartcard hardware as mentioned above.
> Still, does this get you any further?

Yepp, I've figured it out several hours later that the option to ssh-add stayed 
the same, but the argument it needs has changed... that's in my eyes not the 
best way to be honest. 
At least a warning message: please read manpage, the argument to -s has 
changed! 

would be appropriate.

Greetings
Winnie
Reply to: