add support for PKCS11 #84

Open
edgecase14 opened this issue Dec 29, 2023 · 2 comments
Labels
enhancement New feature or request

Comments

@edgecase14

This will enable various hardware backed private key tokens: Yubikey, Smartcards, TPM

@francoismichel
Owner

I think it can be easily done by relying on OpenSSH's ssh-agent. Currently, we only look at files containing public keys, but we could ask for ssh3 to use PKCS11 through ssh-agent. That would enable using PKCS11 without having to support it natively in ssh3 right now.

@francoismichel added the enhancement New feature or request label Dec 29, 2023

@francoismichel
Owner

FYI I made it work with a Yubikey through SSH agent.
SSH3 currently does not handle the -sk key format, but with classical RSA pubkeys generated by the ssh-agent it works.

You can make it work using the following procedure: https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html (Step 6 won't work but you can connect using the pubkey-for-agent switch)
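
Added example, not part of the thread or of the ssh3 code base: a check over `ssh-add -L` output that separates agent keys into those usable under the limitation described in the comment above (RSA works, the -sk format does not) and those to skip. The sample listing and the helper names are constructed for illustration.

```python
import base64
import struct

def wire_key_type(blob: bytes) -> str:
    """Return the key-type string that prefixes an SSH public key blob."""
    if len(blob) < 4:
        raise ValueError("blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if n == 0 or 4 + n > len(blob):
        raise ValueError("bad length prefix")
    return blob[4:4 + n].decode("ascii")

def classify(listing: str):
    """Split `ssh-add -L` output into usable and skipped agent keys."""
    usable, skipped = [], []
    for line in listing.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 2:
            continue
        declared, b64 = parts[0], parts[1]
        comment = parts[2] if len(parts) == 3 else ""
        try:
            embedded = wire_key_type(base64.b64decode(b64, validate=True))
        except ValueError:  # also covers binascii.Error and UnicodeDecodeError
            skipped.append((declared, comment, "undecodable blob"))
            continue
        if embedded != declared:
            skipped.append((declared, comment, "type mismatch: " + embedded))
        elif declared.startswith("sk-"):
            skipped.append((declared, comment, "-sk key format"))
        else:
            usable.append((declared, comment))
    return usable, skipped

def _sample_line(key_type, comment, embedded=None):
    # Constructed blob: real length-prefixed type string, dummy key material.
    t = (embedded or key_type).encode()
    blob = struct.pack(">I", len(t)) + t + b"\x00" * 16
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"

SAMPLE = "\n".join([
    _sample_line("ssh-rsa", "piv-token (constructed)"),
    _sample_line("sk-ssh-ed25519@openssh.com", "fido-key (constructed)"),
    _sample_line("ssh-ed25519", "tampered (constructed)", embedded="ssh-rsa"),
    "ssh-rsa AAAAB3Nz truncated (constructed)",
])

if __name__ == "__main__":
    usable, skipped = classify(SAMPLE)
    print("usable:", usable)
    print("skipped:", skipped)
```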
