Hello.
I'm always the one that finds problems :)
Waiting to "fix" CA issue, I'm trying to use an on-card key to
authenticate a SSH user.
Key is there, and should have all needed flags set (generated w/ -u
sign,decrypt since IIUC ssh requires both):
-8<--
Private RSA Key [SSH: ndk]
Object Flags : [0x3], private, modifiable
Usage : [0x2E], decrypt, sign, signRecover, unwrap
Access Flags : [0x1D], sensitive, alwaysSensitive,
neverExtract, local
ModLength : 2048
Key ref : 6
Native : yes
Path : 3f0050154b06
Auth ID : 02
ID : 1000
-8<--
Public key is loaded in the right authorized_keys, and it have the right
permissions: tested w/ key in id_rsa file, that works).
But when I try to use it, I get:
-8<--
$ ssh otheruser@myhost
Enter PIN for 'MyEID (User Auth)':
C_Sign failed: 257
ssh_rsa_sign: RSA_sign failed: error:25066067:DSO support
routines:DLFCN_LOAD:could not load the shared library
Permission denied (publickey,password,keyboard-interactive).
-8<--
Even an strace didn't help locating the lib that can't be loaded.
After that, I often find the card unresponsive after that error:
-8<--
$ pkcs15-tool -k
Using reader with a card: SCM SCR 335 [CCID Interface] (504012DD) 00 00
Failed to connect to card: Unresponsive card (correctly inserted?)
-8<--
Just issuing multiple times the same command (w/o touching the card or
the reader!) solves the issue.
Any hint?
Tks!
BYtE,
Diego.
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
