Red Hat Bugzilla – Bug 436088
openssh with smartcard support
Last modified: 2008-10-17 04:27:47 EDT
Description of problem:
Openssh does not support the use of an smartcard for authentication when using
OpenSC and OpenCT.
Version-Release number of selected component (if applicable):
Do ssh -I 0 username@host And OpenSSH will say "no support for smartcards".
1. Download the latest openssh source
2. Apply the patch that's attached to this bugreport.
3. Compile openssh with ./configure –with-opensc=/usr (you will need opensc and
openct to be installed)
4. After make and make install you can use ssh -I 0 username@host (-I 0 stands
for using smartcard 0 for authentication)
Created attachment 296872 [details]
The patch to prepare openssh for using smartcards with opensc.
The patch should be sent upstream. https://bugzilla.mindrot.org/
What exact problem this patch fixes?
Sorry, I forgot to give a good description of the patch.
The patch will make openssh ask for the PIN for the private ssh key on the
smartcard. Normally openssh doesn't ask for the PIN so it cannot use the
privatekey (because the privatekey is protected with an PIN)
(In reply to comment #2)
> The patch should be sent upstream. https://bugzilla.mindrot.org/
> What exact problem this patch fixes?
Actually this patch comes from upstream's bugzilla, and is part of %doc (I
think) no idea why this isn't in the default source.
Rick, do you have an url to the relevant upstream bugreport / webpage?
This is the bugreport with the patch (it's quite old but is still applies
Changing version to '9' as part of upcoming Fedora 9 GA.
More information and reason for this action is here: