Description of problem: Openssh does not support the use of an smartcard for authentication when using OpenSC and OpenCT. Version-Release number of selected component (if applicable): OpenSSH_4.7p1 How reproducible: Do ssh -I 0 username@host And OpenSSH will say "no support for smartcards". Additional info: 1. Download the latest openssh source 2. Apply the patch that's attached to this bugreport. 3. Compile openssh with ./configure –with-opensc=/usr (you will need opensc and openct to be installed) 4. After make and make install you can use ssh -I 0 username@host (-I 0 stands for using smartcard 0 for authentication)
Created attachment 296872 [details] The patch to prepare openssh for using smartcards with opensc.
The patch should be sent upstream. https://bugzilla.mindrot.org/ What exact problem this patch fixes?
Sorry, I forgot to give a good description of the patch. The patch will make openssh ask for the PIN for the private ssh key on the smartcard. Normally openssh doesn't ask for the PIN so it cannot use the privatekey (because the privatekey is protected with an PIN)
(In reply to comment #2) > The patch should be sent upstream. https://bugzilla.mindrot.org/ > What exact problem this patch fixes? > Actually this patch comes from upstream's bugzilla, and is part of %doc (I think) no idea why this isn't in the default source. Rick, do you have an url to the relevant upstream bugreport / webpage?
This is the bugreport with the patch (it's quite old but is still applies without problems) https://bugzilla.mindrot.org/show_bug.cgi?id=608
Changing version to '9' as part of upcoming Fedora 9 GA. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping