SmartCard-HSM EC keys with OpenSSH #803
I want to use an EC key with OpenSSH. First I generate a key:
Then I get the pubkey:
Convert that to OpenSSH format:
Place that in the authorized_keys file on a modern (Ubuntu 16.04) machine. Try to SSH with the HSM and it fails:
The regular way of getting an SSH key also doesn't work with an EC key:
How do I use an EC key with OpenSSH?
I tried the same with Yubikey NEO provisioned with ECC keys (on P256 curve), and faced the same problem, trying to extract public key in SSH format. Here's the log:
Other ways to use SSH to read keys from the EC token also failed:
Unfortunately, the OpenSSH PKCS#11 interface does not support ECC. There are several patches hanging around the OpenSSH bugzilla. Adding this support requires refactoring a lot of code and is probably not a priority for upstream developers. I personally want to have a look into this in the next months.
So there is no issue with OpenSC. If you want to use SSH keys on a smart card, RSA is your only hope, these days.
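The "convert that to OpenSSH format" step from the first post, written out as an added example that is not part of the original thread or of OpenSC/OpenSSH: it turns a PEM `SubjectPublicKeyInfo` for a P-256 key into an `ecdsa-sha2-nistp256` line for `authorized_keys`, rejecting points that are not on the curve. It assumes the token exported the key as a PEM SubjectPublicKeyInfo with an uncompressed point; the function names are hypothetical and the sample key is constructed (the curve's base point), not a key from the thread.

```python
import base64
import struct

# DER header of a SubjectPublicKeyInfo carrying an uncompressed P-256 point
SPKI_P256 = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
# P-256 field prime and coefficient b (curve: y^2 = x^3 - 3x + b mod P)
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
# Constructed sample key: the P-256 base point G (not a key from the thread)
GX = 0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296
GY = 0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data

def point_from_spki(pem: str) -> bytes:
    """Extract and validate the 65-byte uncompressed point (04 || X || Y)."""
    body = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    der = base64.b64decode(body)
    if len(der) != 91 or not der.startswith(SPKI_P256):
        raise ValueError("not a P-256 SubjectPublicKeyInfo")
    point = der[len(SPKI_P256):]
    if point[0] != 4:
        raise ValueError("only uncompressed points are supported")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:], "big")
    # Refuse coordinates outside the field or off the curve
    if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
        raise ValueError("point is not on P-256")
    return point

def spki_to_openssh(pem: str, comment: str = "") -> str:
    """Build the authorized_keys line: key type, base64 blob, comment."""
    blob = (ssh_string(b"ecdsa-sha2-nistp256") + ssh_string(b"nistp256")
            + ssh_string(point_from_spki(pem)))
    return f"ecdsa-sha2-nistp256 {base64.b64encode(blob).decode()} {comment}".strip()

def sample_pem() -> str:
    """PEM wrapping of the constructed sample point."""
    der = SPKI_P256 + b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")
    return ("-----BEGIN PUBLIC KEY-----\n" + base64.b64encode(der).decode()
            + "\n-----END PUBLIC KEY-----\n")

if __name__ == "__main__":
    print(spki_to_openssh(sample_pem(), "constructed-sample"))
```

This only produces the server-side `authorized_keys` entry; it does not change the client-side PKCS#11 limitation described in the reply above.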