Re: smartcard and ssh
Alex Mauer wrote:
> Remco Post wrote:
>> hmmm, more problems. I've decided that the ubuntu packages are broken.
>> I'll try again in a new release or when I gain some more patience ;-)
>
> Have you looked for and/or reported the bugs you found?
>
> It works for me pretty much "out of the box" with ubuntu/feisty, less so
> with earlier releases.
>
> Here are the problems I found and what I had to do to fix them:
>
> * gnupg was trying to use pcsc-wrapper at the wrong location (see bug
> #68047, https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/68047 ).
> It is installed in /usr/lib/gnupg2 rather than /usr/lib/gnupg where the
> scd is looking for it. This can be solved either by copying the file,
> or with a symlink. This seems to have been fixed in feisty.
>

ok, installing gnupg2 and symlinking this file as well as the libpcslite
helped, thanks a lot!

> * Another was that the ssh-agent support is not enabled out of the box.
> This may be enabled by editing /etc/X11/Xsession.d/90gpg-agent and
> adding "--enable-ssh-support" in the appropriate place (around line 17).
>
> * The final thing I needed to do was to install the package
> libpcsclite-dev. This installs the symlink /usr/lib/libpcsclite.so,
> linked to /usr/lib/libpcslite.so.1.0.0. Or of course, you could create
> that symlink yourself. This also appears to have been fixed in feisty,
> though you do still need libpcsclite1 (and pcscd).
>
> -Alex Mauer "hawke"

--
Kind regards,

Remco Post

SARA - Reken- en Netwerkdiensten    http://www.sara.nl
High Performance Computing    Tel. +31 20 592 3000    Fax. +31 20 668 3167
PGP Key fingerprint = 6367 DFE9 5CBC 0737 7D16 B3F6 048A 02BF DC93 94EC

"I really didn't foresee the Internet. But then, neither did the computer
industry. Not that that tells us very much of course - the computer industry
didn't even foresee that the century was going to end." -- Douglas Adams

___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: smartcard and ssh
Alex Mauer wrote:
> Remco Post wrote:
>> hmmm, more problems. I've decided that the ubuntu packages are broken.
>> I'll try again in a new release or when I gain some more patience ;-)
>
> Have you looked for and/or reported the bugs you found?
>
> It works for me pretty much "out of the box" with ubuntu/feisty, less so
> with earlier releases.
>
> Here are the problems I found and what I had to do to fix them:
>
> * gnupg was trying to use pcsc-wrapper at the wrong location (see bug
> #68047, https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/68047 ).
> It is installed in /usr/lib/gnupg2 rather than /usr/lib/gnupg where the
> scd is looking for it. This can be solved either by copying the file,
> or with a symlink. This seems to have been fixed in feisty.
>

ok, that's a nice one

> * Another was that the ssh-agent support is not enabled out of the box.
> This may be enabled by editing /etc/X11/Xsession.d/90gpg-agent and
> adding "--enable-ssh-support" in the appropriate place (around line 17).
>

I've made a gpg-agent.conf file to the same effect.

> * The final thing I needed to do was to install the package
> libpcsclite-dev. This installs the symlink /usr/lib/libpcsclite.so,
> linked to /usr/lib/libpcslite.so.1.0.0. Or of course, you could create
> that symlink yourself. This also appears to have been fixed in feisty,
> though you do still need libpcsclite1 (and pcscd).
>

since normal gpg operations (signing) do work, this doesn't seem to be a
problem for me.

> -Alex Mauer "hawke"

--
Kind regards,

Remco Post

Re: smartcard and ssh
Remco Post wrote:
>
> hmmm, more problems. I've decided that the ubuntu packages are broken.
> I'll try again in a new release or when I gain some more patience ;-)

Have you looked for and/or reported the bugs you found?

It works for me pretty much "out of the box" with ubuntu/feisty, less so
with earlier releases.

Here are the problems I found and what I had to do to fix them:

* gnupg was trying to use pcsc-wrapper at the wrong location (see bug
#68047, https://bugs.launchpad.net/ubuntu/+source/gnupg2/+bug/68047 ).
It is installed in /usr/lib/gnupg2 rather than /usr/lib/gnupg where the
scd is looking for it. This can be solved either by copying the file,
or with a symlink. This seems to have been fixed in feisty.

* Another was that the ssh-agent support is not enabled out of the box.
This may be enabled by editing /etc/X11/Xsession.d/90gpg-agent and
adding "--enable-ssh-support" in the appropriate place (around line 17).

* The final thing I needed to do was to install the package
libpcsclite-dev. This installs the symlink /usr/lib/libpcsclite.so,
linked to /usr/lib/libpcslite.so.1.0.0. Or of course, you could create
that symlink yourself. This also appears to have been fixed in feisty,
though you do still need libpcsclite1 (and pcscd).

-Alex Mauer "hawke"

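The three fixes listed in the message above, turned into a read-only check. This is an added example, not part of the original thread: the function names and the ROOT argument are assumptions of the sketch, while the paths and option names are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): audit the three prerequisites above.
# ROOT is "" for the live system, or a test/chroot tree (assumption of this sketch).

check_pcsc_wrapper() {   # $1 = ROOT; scdaemon looks in /usr/lib/gnupg
    if [ -x "$1/usr/lib/gnupg/pcsc-wrapper" ]; then
        echo "ok: pcsc-wrapper is where scdaemon looks for it"; return 0
    elif [ -x "$1/usr/lib/gnupg2/pcsc-wrapper" ]; then
        echo "FAIL: pcsc-wrapper only in /usr/lib/gnupg2; copy or symlink it"
    else
        echo "FAIL: pcsc-wrapper not installed in either directory"
    fi
    return 1
}

check_ssh_support() {    # $1 = ROOT, $2 = home directory
    conf="$2/.gnupg/gpg-agent.conf"
    xsess="$1/etc/X11/Xsession.d/90gpg-agent"
    # In gpg-agent.conf the option is written without the leading dashes.
    if [ -f "$conf" ] && grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$conf"; then
        echo "ok: enable-ssh-support set in gpg-agent.conf"; return 0
    fi
    # In the Xsession script it is a command-line flag; skip commented lines.
    if [ -f "$xsess" ] && grep -v '^[[:space:]]*#' "$xsess" | grep -q -e '--enable-ssh-support'; then
        echo "ok: --enable-ssh-support passed in 90gpg-agent"; return 0
    fi
    echo "FAIL: gpg-agent ssh support is not enabled"; return 1
}

check_libpcsclite() {    # $1 = ROOT; -e follows symlinks, so a dangling link fails
    link="$1/usr/lib/libpcsclite.so"
    if [ -e "$link" ]; then echo "ok: libpcsclite.so resolves"; return 0; fi
    if [ -L "$link" ]; then echo "FAIL: libpcsclite.so is a dangling symlink"
    else echo "FAIL: libpcsclite.so missing (libpcsclite-dev or manual symlink)"; fi
    return 1
}

audit_smartcard_ssh() {  # returns the number of failed checks (0-3)
    failures=0
    check_pcsc_wrapper "$1"     || failures=$((failures + 1))
    check_ssh_support "$1" "$2" || failures=$((failures + 1))
    check_libpcsclite "$1"      || failures=$((failures + 1))
    return "$failures"
}
```

Run it on a live system as `audit_smartcard_ssh "" "$HOME"`; with a non-empty ROOT, absolute symlink targets still resolve against the running system.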
Re: smartcard and ssh
Werner Koch wrote:
> On Fri, 2 Feb 2007 14:00, [EMAIL PROTECTED] said:
>
>> nope, I didn't. I tried installing it (as part of the gpgsm package) but
>> the /usr/lib/gnupg/pcsc-wrapper seems to be missing in the package :(
>
> If you have a USB reader, try using the internal ccid-driver. You
> need to stop the pcscd first. You may test it with the plain gpg - it
> will also use the ccid-driver (--debug-ccid-driver helps to detect
> problems). Make sure that the usbfs is loaded and that the
> permissions are correct. The smart card howto at www.gnupg.org
> should be helpful.
>

hmmm, more problems. I've decided that the ubuntu packages are broken.
I'll try again in a new release or when I gain some more patience ;-)
Normal gpg operations work, it's just the ssh-compatibility and only for
the smartcard, well, I guess I can do another few months without, just
like the past few years when I suffered a windows desktop ;-)

>
> Shalom-Salam,
>
>    Werner
>

--
Kind regards,

Remco Post

Re: smartcard and ssh
On 2/2/07, Werner Koch <[EMAIL PROTECTED]> wrote:
> On Fri, 2 Feb 2007 14:00, [EMAIL PROTECTED] said:
>
> > nope, I didn't. I tried installing it (as part of the gpgsm package) but
> > the /usr/lib/gnupg/pcsc-wrapper seems to be missing in the package :(
>
> If you have a USB reader, try using the internal ccid-driver. You
> need to stop the pcscd first. You may test it with the plain gpg - it
> will also use the ccid-driver (--debug-ccid-driver helps to detect
> problems). Make sure that the usbfs is loaded and that the
> permissions are correct. The smart card howto at www.gnupg.org
> should be helpful.

Or if your smartcard supports PKCS#11 interface you can use the
gnupg-pkcs11-scd from http://gnupg-pkcs11.sourceforge.net and OpenSSH
PKCS#11 from http://alon.barlev.googlepages.com/openssh-pkcs11, this
way you can use your smartcard with many applications at the same time
without stopping any interface or making the card locked by one of
them.

Best Regards,
Alon Bar-Lev.

Re: smartcard and ssh
On Fri, 2 Feb 2007 14:00, [EMAIL PROTECTED] said:

> nope, I didn't. I tried installing it (as part of the gpgsm package) but
> the /usr/lib/gnupg/pcsc-wrapper seems to be missing in the package :(

If you have a USB reader, try using the internal ccid-driver. You
need to stop the pcscd first. You may test it with the plain gpg - it
will also use the ccid-driver (--debug-ccid-driver helps to detect
problems). Make sure that the usbfs is loaded and that the
permissions are correct. The smart card howto at www.gnupg.org
should be helpful.

Shalom-Salam,

   Werner

Re: smartcard and ssh
Werner Koch wrote:
> On Fri, 2 Feb 2007 11:15, [EMAIL PROTECTED] said:
>
>> I've set the agent with ssh support, and it quite nicely manages my ssh
>> dsa key, but for some reason ssh-add -l does not show my smartcard rsa
>> key while gpg --card-status does work (as does signing e-mail with my
>> smartcard).
>
> Do you have scdaemon installed? If so, you should put
>

nope, I didn't. I tried installing it (as part of the gpgsm package) but
the /usr/lib/gnupg/pcsc-wrapper seems to be missing in the package :(

> verbose
> debug 1024
> debug 2048
> log-file /home/foo/scdaemon.log
>
> into the ~/.gnupg/scdaemon.conf and kill the scdaemon process. Make
> sure that it really got killed. Then do an "ssh-add -l" again and
> watch the log file.
>

The log-file:

2007-02-02 13:41:20 scdaemon[5733] can't run PC/SC access module `/usr/lib/gnupg/pcsc-wrapper': No such file or directory
scdaemon[5733.0x8096340] DBG: -> ERR 100663404 Card error
scdaemon[5733.0x8096340] DBG: <- RESTART
scdaemon[5733.0x8096340] DBG: -> OK

> Note, that gpg-agent starts scdaemon and restarts it if it has crashed.
>
>
>
> Shalom-Salam,
>
>    Werner
>

--
Kind regards,

Remco Post

Re: smartcard and ssh
On Fri, 2 Feb 2007 11:15, [EMAIL PROTECTED] said:

> I've set the agent with ssh support, and it quite nicely manages my ssh
> dsa key, but for some reason ssh-add -l does not show my smartcard rsa
> key while gpg --card-status does work (as does signing e-mail with my
> smartcard).

Do you have scdaemon installed? If so, you should put

  verbose
  debug 1024
  debug 2048
  log-file /home/foo/scdaemon.log

into the ~/.gnupg/scdaemon.conf and kill the scdaemon process. Make
sure that it really got killed. Then do an "ssh-add -l" again and
watch the log file.

Note, that gpg-agent starts scdaemon and restarts it if it has crashed.

Shalom-Salam,

   Werner