Thread: Compiling OpenSSH/OpenSC
|
|
| Re: Compiling OpenSSH/OpenSC |

|
2008-03-07 01:36:58 |
On 3/7/08, Andreas Jellinghaus <aj dungeon.inka.de> wrote:
> pcsc-lite won't work. you need the microsoft PC/SC implementation, which is
> shipped with the platform sdk. so try to link with that one.
New build system does not compile with either... It loads it on runtime...
So svn trunk should work...
Also there is new configuration option for pcsc library_name which
instructs which driver to load.
Alon.
_______________________________________________
opensc-user mailing list
opensc-user lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-user
|
|
| Re: Compiling OpenSSH/OpenSC |
  United States |
2008-03-07 14:44:28 |
In line
> -----Original Message-----
> From: Andreas Jellinghaus [mailto:aj dungeon.inka.de]
> Sent: Thursday, March 06, 2008 10:59 PM
> To: drpeterson es.net
> Cc: opensc-user lists.opensc-project.org
> Subject: Re: [opensc-user] Compiling OpenSSH/OpenSC
>
> On Thursday, 6 March 2008 21:24:28, Dan Peterson wrote:
> > > note: maybe also "-lpcsc" is needed - no idea.
> >
> > This is a problem.... pcsc won't "make" properly and errors out so
> > when I add this I get this error from openssh:
>
> pcsc-lite won't work. you need the microsoft PC/SC implementation,
> which is shipped with the platform sdk. so try to link with that one.
>
> of course I wonder what use it might be to try cygwin at all, if you
> need to link with pcsc from microsoft platform sdk.
Agreed. I am a glutton for pain? ;)
>
> easier than trying cygwin could be:
> - use our native installer package SCB which contains opensc, putty,
>   openssl and friends.
> - use latest opensc svn with a mingw setup, this might lead to a working
>   opensc (someone tested and said it was ok).
I have been using the SCB/Aladdin software (I have eTokens) with puttySC,
secureCRT 6, f-secure 5.4 with x509 certs with some success.
F-secure 5.4 does not work under VISTA ;( and I can't figure out who took
it over...
PuttySC works great; PuttySC agent forwarding is well limited.
Putty Smart Card seemed to work but there was an issue that I can't recall
right now
SecureCRT 6 uses CAPI for public certs and agent forwarding (AF), and well
I can't get AF to work as expected, however they have been very helpful.
OpenSSH on the UNIX side works great, does agent forwarding and is well
understood. It's command line and ends up being identical to what's on UNIX
(duh); and I want one token that can move from Windows, UNIX, MAC with
little issues.
COPSSH (Cygwin+OpenSSH) works well but they did not compile SSH with opensc
support and seem to focus on the SSHD not SSH, and I understand why.. This
is what inspired me to try and see how far I would get; but as you have
pointed out (very nicely) why are you beating your head against the wall? ;)
>
> > So now I assume that it can't find the library and that makes sense as it
> > ain't on the system... so how to get pcsc-lite to make.
>
> don't try, to my knowledge pcsc-lite is not written for windows. use the
> windows pcsc implementation, they should be compatible. the runtime
> is included in windows itself (except 98 and me and older I think), and
> the development part is in the platform sdk.
>
> > Thanks for the help I will keep posting until I give up or get it to work
> > ;) I am a newbie in this environment but really would like to have openssh
> > with opensc working...
>
> any reason for not using putty instead of openssh on windows?
See above; however I would be willing to discuss what the goal here is off
list.
Again thanks for your help- I will let the list know what I find ;)
>
> good luck!
>
> Andreas
|
|
| Re: Compiling OpenSSH/OpenSC |

|
2008-03-10 11:55:42 |
On Friday, 7 March 2008 21:44:28, Dan Peterson wrote:
> Agreed. I am a glutton for pain? ;)
no worries. I never got a hang for cygwin, but if you like it,
that is fine with me. only I can't help much.
> COPSSH (Cygwin+OpenSSH) works well but they did not compile SSH with opensc
> support and seem to focus on the SSHD not SSH, and I understand why.. This
> is what inspired me to try and see how far I would get; but as you have
> pointed out (very nicely) why are you beating your head against the wall?
> ;)
does openssh compile with mingw? alon got opensc to compile with it,
so that combination might be your best try.
> See above; however I would be willing to discuss what the goal here is off
> list.
>
> Again thanks for your help- I will let the list know what I find ;)
ok, thanks.
Regards, Andreas
|
| Re: Compiling OpenSSH/OpenSC |

|
2008-03-13 14:31:23 |
On 3/13/08, Dan Peterson <drpeterson es.net> wrote:
> C:sshbin>ssh-add -I OpenSC\x20Project/PKCS\x20\x2315\x20SCard/254AE20E0A0F....\x29/45
> Identity added successfully.
In order to use the agent you need to install ask-pass prog... I have
a .NET sample at [1]. I don't know if there is native cygwin ask-pass
version.
Please try not to use agent at first pass...
>
> C:sshbin>ssh <username> host.xxx.xxx
> Agent admitted failure to sign using the key.
> Password:
ssh -#<provider> <user> host
Regards,
Alon.
[1] http://alon.barlev.googlepages.com/openssh-net-dialogs.tar.bz2
|
|
| Re: Compiling OpenSSH/OpenSC |
  United States |
2008-03-13 14:23:26 |
Okay it has taken me a while to get this going.
Here is an outline of what I did and the results:
1) downloaded pkcs11-helper (1.05) to the cygwin environment
2) in the directory of pkcs11-helper:
./configure
make
make install
3) installed patches to openssh per Alon's instructions.
4) in the patched openssh directory:
./configure --with-pkcs11 --with-ipv4-default --with-md5-passwords
make
make install
Everything went fine.
New system:
On a windows XP system without cygwin
Installed SCB from opensc
moved the required cygwin.dlls and the ssh*.* related commands to the SCB directory
Backed up signed p12 file from FireFox
Split p12 file with openssl
openssl pkcs12 -in [cert file name].p12 -clcerts -nokeys -out [myfile name]-pub.pem
openssl pkcs12 -in [cert file name].p12 -nocerts -out [myfile name]-prv.pem
Inserted token and installed Aladdin software so that XP will "see" the device.
NOTE: token has to be formatted with Aladdin software in order to hold 2048 key?
pkcs15-init --erase --use-default-transport-key
pkcs15-init --create-pkcs15 --use-default-transport-key
pkcs15-init --store-pin --auth-id 01 --label "My label"
pkcs15-init --store-private-key [myfile name]-prv.pem --auth-id 01 --id 45
pkcs15-init --store-certificate [myfile name]-pub.pem --auth-id 01 --id 45
Token done. pkcs15-tool --dump shows the RSA certs and the x509 cert...
Open command prompt:
cmd.exe
cd to SCB directory
ssh-keygen -K opensc-pkcs11.dll
dumps output of token - okay I record serialized ID
ssh-agent cmd
Copyright (c) 2006 Microsoft Corporation. All rights reserved.
C:sshbin
ssh-add -K opensc-pkcs11.dll
Provider 'opensc-pkcs11.dll' added successfully.
C:sshbin>ssh-add -I OpenSC\x20Project/PKCS\x20\x2315\x20SCard/254AE20E0A0F....\x29/45
Identity added successfully.
C:sshbin>ssh <username> host.xxx.xxx
Agent admitted failure to sign using the key.
Password:
This is where it fails.
The agent (or anything so far) never has prompted me for a password or PIN
or passphrase to actually be able to access the token or private key. So it
does not surprise me that the agent failed to sign using the key.
Anybody have any ideas?
--
Dan
> -----Original Message-----
> From: Alon Bar-Lev [mailto:alon.barlev gmail.com]
> Sent: Thursday, March 06, 2008 11:26 PM
> To: drpeterson es.net
> Cc: Marcin Cieslak; opensc-user opensc-project.org
> Subject: Re: [opensc-user] Compiling OpenSSH/OpenSC
>
> On 3/7/08, Dan Peterson <drpeterson es.net> wrote:
> > Alon,
> > Thanks for your patches and your help.
> >
> > I was able to "patch" the files (I had a UNIX friend help me.)
>
> You need also build pkcs11-helper [1].
>
> > I was able to do the
> >
> > ./configure
>
> Add:
> --with-pkcs11
>
> > Anyway, if I do a
> > ssh -I 0
> > I get "no smart card support"
>
> Please read README.pkcs11, the command sequence is different.
>
> For simple test you should ssh -# opensc-pkcs11.dll host
>
> Alon.
|
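The p12 split step from the outline above, followed by a check that the extracted private key and certificate belong together before they are written to the token. This is an added example, not part of the original post; the sample identity, the file names and the P12_PASS variable are constructed.

```shell
#!/usr/bin/env bash
# Added example. Sample identity, file names and P12_PASS are constructed.
set -eu
# Passphrase is read via env: so it never shows up in the process list.
export P12_PASS="constructed-passphrase"

make_sample_p12() {   # $1 = work dir; throwaway stand-in for the exported .p12
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-sample" \
        -keyout "$1/k.pem" -out "$1/c.pem" 2>/dev/null
    openssl pkcs12 -export -inkey "$1/k.pem" -in "$1/c.pem" \
        -passout env:P12_PASS -out "$1/sample.p12"
}

split_p12() {         # $1 = .p12 file, $2 = output prefix
    # Same two commands as in the post, made non-interactive.
    openssl pkcs12 -in "$1" -clcerts -nokeys \
        -passin env:P12_PASS -out "$2-pub.pem" 2>/dev/null
    # umask keeps the exported private key unreadable to other users.
    ( umask 077
      openssl pkcs12 -in "$1" -nocerts -passin env:P12_PASS \
          -passout env:P12_PASS -out "$2-prv.pem" 2>/dev/null )
}

key_matches_cert() {  # $1 = certificate PEM, $2 = private key PEM
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    from_key=$(openssl pkey -in "$2" -passin env:P12_PASS -pubout) || return 2
    # Both halves must yield the same public key, otherwise the token would
    # hold a key and a certificate under one --id that do not belong together.
    [ "$from_cert" = "$from_key" ]
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
make_sample_p12 "$work"
split_p12 "$work/sample.p12" "$work/myfile"
if key_matches_cert "$work/myfile-pub.pem" "$work/myfile-prv.pem"; then
    echo "private key and certificate match"
fi
```

With a real export, drop make_sample_p12, let openssl prompt for the passphrases, and delete the -prv.pem file once pkcs15-init has stored the key on the token.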
|
| Re: Compiling OpenSSH/OpenSC |
  United States |
2008-03-13 14:49:08 |
Alon,
That worked... I had tried that, forgot to add it to the list, and it had
failed but I think that it failed for another reason, this time it worked:
C:sshbin>ssh -# opensc-pkcs11.dll <user> host
Please enter PIN for token 'OpenSC Card (removed)':
Last login: Wed Mar 12 22:24:03 2008 from 68.125.67.237
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-STABLE (NOC5) #0: Wed Aug 30 15:02:56 PDT 2006
Host>
Thanks Alon!
I am unclear on what to do in order to get the agent to work and as I am
going to be logging into a "gateway" then jumping to another system from
there, private keys can't be spread all over the place, I have to have the
agent. Sorry I am a pest, and please forgive my ignorance.
--
Dan
|
|
| Re: Compiling OpenSSH/OpenSC |
  United States |
2008-03-13 15:17:35 |
FYI:
http://www.ganaware.jp/archives/2006/04/winsshaskpass_1.html
GUI ssh-agent for cygwin. (This software has nothing to do with the same
name project in the sourceforge.)
We will see what happens ;)
--
Dan
|
|
| Re: Compiling OpenSSH/OpenSC |

|
2008-03-13 15:26:05 |
You actually need the sourceforge project.
But the .NET I wrote is much simpler...
Alon.
On 3/13/08, Dan Peterson <drpeterson es.net> wrote:
> FYI:
>
> http://www.ganaware.jp/archives/2006/04/winsshaskpass_1.html
>
> GUI ssh-agent for cygwin. (This software has nothing to do with the same
> name project in the sourceforge.)
>
> We will see what happens ;)
>
> --
> Dan
|
|
| Re: Compiling OpenSSH/OpenSC |
  United States |
2008-03-13 19:08:17 |
Got the code and compiled on V C# express
Now... how do I call it? ;)
ssh-add --pkcs11-ask-pin openssh-net-dialogs.exe
Does not seem to work ;)
--
Dan
|
|
| Re: Compiling OpenSSH/OpenSC |

|
2008-03-14 02:26:41 |
On 3/14/08, Dan Peterson <drpeterson es.net> wrote:
> Got the code and compiled on V C# express
> Now... how do I call it? ;)
> ssh-add --pkcs11-ask-pin openssh-net-dialogs.exe
>
> Does not seem to work ;)
Hi!
Please download and compile it again, the interface was changed since
I last checked it due to OpenSSH developers request (default should be
passphrase).
I did not test this for a long time, but it should be something like:
SSH_ASKPASS="/usr/bin/openssh-net-dialogs.exe" ssh-agent bash
Can you please test it out?
Alon.