This service will be undergoing maintenance at 00:00 UTC, 2016-08-01. It is expected to last about 1 hours
Bug 436088 - openssh with smartcard support
openssh with smartcard support
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
All Linux
low Severity low
: ---
: ---
Assigned To: Tomas Mraz
Fedora Extras Quality Assurance
Depends On:
  Show dependency treegraph
Reported: 2008-03-05 06:32 EST by Rick Zondervan
Modified: 2008-10-17 04:27 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-10-17 04:27:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:

Attachments (Terms of Use)
The patch to prepare openssh for using smartcards with opensc. (3.42 KB, patch)
2008-03-05 06:32 EST, Rick Zondervan
no flags Details | Diff

External Trackers
Tracker ID Priority Status Summary Last Updated
OpenSSH Project 608 None None None Never

  None (edit)
Description Rick Zondervan 2008-03-05 06:32:51 EST
Description of problem:
Openssh does not support the use of an smartcard for authentication when using
OpenSC and OpenCT.

Version-Release number of selected component (if applicable):

How reproducible:
Do ssh -I 0 username@host And OpenSSH will say "no support for smartcards".

Additional info:
1. Download the latest openssh source
2. Apply the patch that's attached to this bugreport.
3. Compile openssh with ./configure –with-opensc=/usr (you will need opensc and
openct to be installed)
4. After make and make install you can use ssh -I 0 username@host (-I 0 stands
for using smartcard 0 for authentication)
Comment 1 Rick Zondervan 2008-03-05 06:32:51 EST
Created attachment 296872 [details]
The patch to prepare openssh for using smartcards with opensc.
Comment 2 Tomas Mraz 2008-03-05 06:41:22 EST
The patch should be sent upstream.
What exact problem this patch fixes?
Comment 3 Rick Zondervan 2008-03-05 06:53:12 EST
Sorry, I forgot to give a good description of the patch.

The patch will make openssh ask for the PIN for the private ssh key on the
smartcard. Normally openssh doesn't ask for the PIN so it cannot use the
privatekey (because the privatekey is protected with an PIN)
Comment 4 Hans de Goede 2008-03-05 07:07:02 EST
(In reply to comment #2)
> The patch should be sent upstream.
> What exact problem this patch fixes?

Actually this patch comes from upstream's bugzilla, and is part of %doc (I
think) no idea why this isn't in the default source.

Rick, do you have an url to the relevant upstream bugreport / webpage?

Comment 5 Rick Zondervan 2008-03-05 07:12:44 EST
This is the bugreport with the patch (it's quite old but is still applies
without problems)
Comment 6 Bug Zapper 2008-05-14 01:47:01 EDT
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here:

Note You need to log in before you can comment on or make changes to this bug.