
add support for PKCS11

Open edgecase14 opened this issue 1 year ago • 2 comments

This will enable various hardware-backed private key tokens: Yubikey, Smartcards, TPM

edgecase14 avatar Dec 29 '23 13:12 edgecase14

I think it can be easily done by relying on OpenSSH's ssh-agent. Currently, we only look at files containing public keys, but we could ask for ssh3 to use PKCS11 through ssh-agent. That would enable using PKCS11 without having to support it natively in ssh3 right now.

francoismichel avatar Dec 29 '23 20:12 francoismichel

FYI I made it work with a Yubikey through SSH agent. SSH3 currently does not handle the -sk key format, but with classical RSA pubkeys generated by the ssh-agent it works.

You can make it work using the following procedure: https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html (Step 6 won't work but you can connect using the pubkey-for-agent switch)

francoismichel avatar Jan 15 '24 13:01 francoismichel
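
An added example, not part of the thread or of the ssh3 project: a small shell filter that reads the agent's key list in `ssh-add -L` format and picks the first `ssh-rsa` key, skipping `-sk` entries, so the result can be saved as the public key file given to the pubkey-for-agent switch mentioned above. The function names and the sample key lines are constructed for illustration.

```shell
#!/bin/sh
# Input format (one key per line, as printed by `ssh-add -L`):
#   <key-type> <base64-blob> <comment>

# pick_rsa_key: print the first ssh-rsa key found on stdin.
# Skipped key types are reported on stderr.
# Returns 0 if an ssh-rsa key was printed, 1 otherwise.
pick_rsa_key() {
    found=1
    while read -r type blob comment; do
        case "$type" in
            ssh-rsa)
                if [ "$found" -ne 0 ]; then
                    printf '%s %s%s\n' "$type" "$blob" "${comment:+ $comment}"
                    found=0
                fi ;;
            sk-*) echo "skipping $type: -sk key format" >&2 ;;
            "")   ;;  # blank line
            *)    echo "skipping $type: not an RSA key" >&2 ;;
        esac
    done
    return "$found"
}

# Constructed sample in `ssh-add -L` format (blobs are placeholders, not real keys).
sample_agent_keys() {
    cat <<'EOF'
sk-ssh-ed25519@openssh.com AAAAPLACEHOLDER1 yubikey-fido
ssh-rsa AAAAPLACEHOLDER2 Public key for PIV Authentication
EOF
}

# Real use, assuming the PKCS#11 module is already loaded into the agent:
#   ssh-add -L | pick_rsa_key > "$HOME/.ssh/piv_rsa.pub"
# Demo on the constructed sample:
sample_agent_keys | pick_rsa_key
```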