From: Gyurgyik, M. S. <gyu...@or...> - 2016-05-20 16:05:28
On 16-05-20 14:54:39, Andreas Kemnade wrote:
> Hello,
>
> On Fri, 20 May 2016 00:18:48 +0000,
> "Gyurgyik, Matthew S." <gyu...@or...> wrote:
>
> > Hello.
> >
> > First, let me say I’m new to smart cards and I haven’t been able to
> > find much documentation on how they work. I’m looking for some
> > education, if there is a better place to post this question, please
> > let me know.
> >
> > I can add keys provided by my smart card to ssh-agent with
> >
> > $ ssh-add -s /Library/OpenSC/lib/opensc-pkcs11.so
> >
> > However, if I remove the card from the reader and then reinsert it I
> > have to re-add the keys
> >
> > $ ssh-add -e /Library/OpenSC/lib/opensc-pkcs11.so
> > $ ssh-add -s /Library/OpenSC/lib/opensc-pkcs11.so
> >
> > This happens on both OS X and RHEL7. I am assuming this expected
> > behavior. Can someone explain (or point me to documentation) why it
> > is necessary to remove the keys and re-add them?
> >
> here I simply use
> $ cat .ssh/config
> Host xxx
> PKCS11Provider /usr/local/lib/opensc-pkcs11.so
>
> xxx is the host I use the private key to connect to.
>
> No commands for card removal/reinsertion needed.
>
> Regards,
> Andreas Kemnade
>

Thanks for the suggestion and that certainly works, however I have a
bastion host which allows access to the rest of the network. I am using
SSH Agent Forwarding to allow authentication to hosts past the bastion
host. Is there a clever way to forward the card reader to the bastion
host?

Thanks,
Matthew