Red Hat Bugzilla – Full Text Bug Listing
|Summary:||openssh with smartcard support|
|Product:||[Fedora] Fedora||Reporter:||Rick Zondervan <rick>|
|Component:||openssh||Assignee:||Tomas Mraz <tmraz>|
|Status:||CLOSED UPSTREAM||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-10-17 04:27:47 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Rick Zondervan 2008-03-05 06:32:51 EST
Description of problem: Openssh does not support the use of an smartcard for authentication when using OpenSC and OpenCT. Version-Release number of selected component (if applicable): OpenSSH_4.7p1 How reproducible: Do ssh -I 0 username@host And OpenSSH will say "no support for smartcards". Additional info: 1. Download the latest openssh source 2. Apply the patch that's attached to this bugreport. 3. Compile openssh with ./configure –with-opensc=/usr (you will need opensc and openct to be installed) 4. After make and make install you can use ssh -I 0 username@host (-I 0 stands for using smartcard 0 for authentication)
Comment 1 Rick Zondervan 2008-03-05 06:32:51 EST
Created attachment 296872 [details] The patch to prepare openssh for using smartcards with opensc.
Comment 2 Tomas Mraz 2008-03-05 06:41:22 EST
The patch should be sent upstream. https://bugzilla.mindrot.org/ What exact problem this patch fixes?
Comment 3 Rick Zondervan 2008-03-05 06:53:12 EST
Sorry, I forgot to give a good description of the patch. The patch will make openssh ask for the PIN for the private ssh key on the smartcard. Normally openssh doesn't ask for the PIN so it cannot use the privatekey (because the privatekey is protected with an PIN)
Comment 4 Hans de Goede 2008-03-05 07:07:02 EST
(In reply to comment #2) > The patch should be sent upstream. https://bugzilla.mindrot.org/ > What exact problem this patch fixes? > Actually this patch comes from upstream's bugzilla, and is part of %doc (I think) no idea why this isn't in the default source. Rick, do you have an url to the relevant upstream bugreport / webpage?
Comment 5 Rick Zondervan 2008-03-05 07:12:44 EST
This is the bugreport with the patch (it's quite old but is still applies without problems) https://bugzilla.mindrot.org/show_bug.cgi?id=608
Comment 6 Bug Zapper 2008-05-14 01:47:01 EDT
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping