Suggested edit for PIV/Guides/SSH_with_PIV_and_PKCS11 #173

Open
rosly opened this issue Mar 11, 2019 · 1 comment

rosly commented Mar 11, 2019

Hi,

I don't think that this statement is true: "Generate or import a key in slot 9a (any slot should suffice):"
AFAIK there is no way to tell ssh to authenticate with a slot different from the one for authentication.
If there is a way, please describe it.

@daemonhorn

If you utilize the libykcs11 version of the library from yubico-piv-tool, it will automatically populate PIV keys from any generated slot. I have successfully used this. Successful on Linux/FreeBSD/Windows. If you use a non-Yubico PIV PKCS#11 module, it may only access the first slot.

Current debug output from ssh with yubico-piv-tool release version 2.3 of libykcs11.dll, e.g.:

```
ssh -v -I "C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll" user@debian11
OpenSSH_for_Windows_8.9p1, LibreSSL 3.4.3
debug1: Reading configuration data C:\Users\daemo/.ssh/config
debug1: Connecting to debian9 [192.168.0.110] port 22.
debug1: Connection established.
debug1: provider C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll: manufacturerID <Yubico (www.yubico.com)> cryptokiVersion 2.40 libraryDescription <PKCS#11 PIV Library (SP-800-73)> libraryVersion 2.30
debug1: provider C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll slot 0: label <YubiKey PIV #15201255> manufacturerID <Yubico (www.yubico.com)> model serial <15201255> flags 0x40d
debug1: have 1 keys
debug1: have 2 keys
debug1: have 3 keys
debug1: have 4 keys
```
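To check how many keys a PKCS#11 provider exposed to ssh, the debug lines above can be parsed as in this added example, which is not part of the original thread or of the Yubico project. The names `summarize` and `decode_flags` are hypothetical, and the flag table is a subset of the PKCS#11 `CK_TOKEN_INFO` flag bits.

```python
import re

# Token flag bits from CK_TOKEN_INFO.flags in the PKCS#11 specification (subset).
TOKEN_FLAGS = {
    0x001: "CKF_RNG",
    0x002: "CKF_WRITE_PROTECTED",
    0x004: "CKF_LOGIN_REQUIRED",
    0x008: "CKF_USER_PIN_INITIALIZED",
    0x100: "CKF_PROTECTED_AUTHENTICATION_PATH",
    0x400: "CKF_TOKEN_INITIALIZED",
}
SLOT_RE = re.compile(r"provider (?P<path>.+?) slot (?P<slot>\d+): "
                     r"label <(?P<label>[^>]*)>.*flags (?P<flags>0x[0-9a-fA-F]+)")
KEYS_RE = re.compile(r"debug1: have (\d+) keys")

# Sample input: lines taken from the debug output quoted in the comment above.
SAMPLE_LOG = r"""
debug1: provider C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll: manufacturerID <Yubico (www.yubico.com)> cryptokiVersion 2.40 libraryDescription <PKCS#11 PIV Library (SP-800-73)> libraryVersion 2.30
debug1: provider C:\Program Files\Yubico\Yubico PIV Tool\bin\libykcs11.dll slot 0: label <YubiKey PIV #15201255> manufacturerID <Yubico (www.yubico.com)> model serial <15201255> flags 0x40d
debug1: have 1 keys
debug1: have 2 keys
debug1: have 3 keys
debug1: have 4 keys
"""

def decode_flags(value):
    """Return the names of the known token flag bits set in value."""
    names = [name for bit, name in sorted(TOKEN_FLAGS.items()) if value & bit]
    unknown = value & ~sum(TOKEN_FLAGS)  # bits outside the table, kept as hex
    return names + ([hex(unknown)] if unknown else [])

def summarize(log_text):
    """Collect the tokens seen and the highest 'have N keys' count reported."""
    tokens, key_count = [], 0
    for line in log_text.splitlines():
        slot = SLOT_RE.search(line)
        if slot:
            tokens.append({"provider": slot["path"], "slot": int(slot["slot"]),
                           "label": slot["label"],
                           "flags": decode_flags(int(slot["flags"], 16))})
        keys = KEYS_RE.search(line)
        if keys:
            key_count = max(key_count, int(keys.group(1)))
    return {"tokens": tokens, "key_count": key_count}

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

The `slot 0` in this output is the PKCS#11 slot holding the token, not a PIV slot such as 9a; the `have N keys` lines are what show that more than one key was loaded from the token.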
