Support authentication with private key from SmartCard (PKCS11) #8401

Open
cyberduck opened this issue Dec 6, 2014 · 10 comments

@cyberduck cyberduck commented Dec 6, 2014

6959b9a created the issue

Hi,
It would be nice if Cyberduck could use the PKCS11Provider option,
as it's already able to use the IdentityFile line of the OpenSSH config.
This way it could manage SmartCard authentication.

Kind regards

@cyberduck cyberduck commented Dec 6, 2014

@dkocher commented

It should be possible that you add the keys from the SmartCard to the OpenSSH agent using ssh-add.

@cyberduck cyberduck commented Dec 6, 2014

6959b9a commented

Replying to [comment:1 dkocher]:

> It should be possible that you add the keys from the SmartCard to the OpenSSH agent using ssh-add.

Yes, but I don't want the private key to be stored in ssh-agent or cached.

@cyberduck cyberduck commented Dec 8, 2014

@dkocher commented

Are the keys from the smart card accessible from Keychain Access.app?

@cyberduck cyberduck commented Dec 8, 2014

@dkocher commented

Replying to [comment:3 dkocher]:

> Are the keys from the smart card accessible from Keychain Access.app?

Not sure if you will have to install the SmartCard Services.

@cyberduck cyberduck commented Dec 8, 2014

6959b9a commented

As OpenSSH is expecting a PKCS11 "format" card, I use the OpenSC library (opensc-pkcs11.so) for SSH command-line authentication.
The SmartCard content doesn't appear in the Keychain. If I'm not mistaken, the SmartCard Services (TokenD) has been abandoned by Apple and they now use PCSC
(which doesn't seem usable with OpenSSH).

@cyberduck cyberduck commented Dec 10, 2014

@dkocher commented

On a side note, we have updated our instructions to use Cyberduck with Google Authenticator (or other token-based systems), which might be a suitable alternative.

@cyberduck cyberduck commented Feb 29, 2016

@dkocher commented

#9318 closed as duplicate.

@cyberduck cyberduck commented Mar 1, 2016

f0de763 commented

Adding support for this ticket - some of us REALLY need a way to use PKCS devices with SFTP

@cyberduck cyberduck commented Apr 5, 2017

1e00fd5 commented

A YubiKey should work well for this, if you're using OpenSSH.

@cyberduck cyberduck commented Jan 5, 2021

2df493a commented

On macOS 10.15 Catalina at least, I can use the native ssh client with "PKCS11Provider /usr/lib/ssh-keychain.dylib" in the ~/.ssh/config file, and YubiKey works for passwordless login. This is apparently supported since macOS High Sierra. Cyberduck should also support this since it's built into macOS.
