Bug 436088

Summary: openssh with smartcard support
Product: [Fedora] Fedora Reporter: Rick Zondervan <rick>
Component: opensshAssignee: Tomas Mraz <tmraz>
Status: CLOSED UPSTREAM QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 9CC: hdegoede
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-17 08:27:47 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The patch to prepare openssh for using smartcards with opensc. none

Description Rick Zondervan 2008-03-05 11:32:51 UTC 
Description of problem:
Openssh does not support the use of an smartcard for authentication when using
OpenSC and OpenCT.

Version-Release number of selected component (if applicable):
OpenSSH_4.7p1

How reproducible:
Do ssh -I 0 username@host And OpenSSH will say "no support for smartcards".

Additional info:
1. Download the latest openssh source
2. Apply the patch that's attached to this bugreport.
3. Compile openssh with ./configure –with-opensc=/usr (you will need opensc and
openct to be installed)
4. After make and make install you can use ssh -I 0 username@host (-I 0 stands
for using smartcard 0 for authentication)
Comment 1 Rick Zondervan 2008-03-05 11:32:51 UTC 
Created attachment 296872 [details]
The patch to prepare openssh for using smartcards with opensc.
Comment 2 Tomas Mraz 2008-03-05 11:41:22 UTC 
The patch should be sent upstream. https://bugzilla.mindrot.org/
What exact problem this patch fixes?
Comment 3 Rick Zondervan 2008-03-05 11:53:12 UTC 
Sorry, I forgot to give a good description of the patch.

The patch will make openssh ask for the PIN for the private ssh key on the
smartcard. Normally openssh doesn't ask for the PIN so it cannot use the
privatekey (because the privatekey is protected with an PIN)
Comment 4 Hans de Goede 2008-03-05 12:07:02 UTC 
(In reply to comment #2)
> The patch should be sent upstream. https://bugzilla.mindrot.org/
> What exact problem this patch fixes?
> 

Actually this patch comes from upstream's bugzilla, and is part of %doc (I
think) no idea why this isn't in the default source.

Rick, do you have an url to the relevant upstream bugreport / webpage?
Comment 5 Rick Zondervan 2008-03-05 12:12:44 UTC 
This is the bugreport with the patch (it's quite old but is still applies
without problems)

https://bugzilla.mindrot.org/show_bug.cgi?id=608
Comment 6 Bug Zapper 2008-05-14 05:47:01 UTC 
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping