
Bug#911758: ssh-add doesn't recognize PKCS#11 URL



Control: tag -1 wishlist
Control: forwarded -1 https://bugzilla.mindrot.org/show_bug.cgi?id=2817

On Wed, Oct 24, 2018 at 03:29:32PM +0300, Karen Arutyunov wrote:
> When I specify PKCS#11 URL as a key file for ssh-add, it fails:
> 
> $ ssh-agent -s >~/ssh-agent.env
> $ source ~/ssh-agent.env
> Agent pid 579
> $ ssh-add "pkcs11:token=auth;object=PIV%20AUTH%20pubkey"
> pkcs11:token=auth;object=PIV%20AUTH%20pubkey: No such file or directory
> 
> I would expect it to work as on Fedora:

It looks like support for this is only in a (rather large)
Fedora-specific patch:

  https://src.fedoraproject.org/cgit/rpms/openssh.git/tree/openssh-7.6p1-pkcs11-uri.patch

I don't understand this well enough to incorporate it, especially as it
would be larger than any of the individual patches we're currently
carrying (even larger than the GSSAPI key exchange patch, which is
already a significant maintenance headache).

The author of this patch set sent it upstream here:

  https://bugzilla.mindrot.org/show_bug.cgi?id=2817

I'd very much rather wait for it to be accepted there.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

