Boris von Alten Blaskowitz wrote:
> Hi,
>
> I am not sure if this the right place for the question. Sorry if not ...


as the error comes from opensc the opensc mailing list might have
been more appropriate

>
> My System:
> SuSE 9.2
> OpenSSH 3.9p1
>
> I have trouble to use a Smartcard with openssh. If i try to connect
> directly to the Smartcard, it fails:
>
> ssh -I 0:45 localhost
>
> card-etoken.c:175:etoken_check_sw: required access right not granted
> card-etoken.c:631:do_compute_signature: returning with: Security status
> not satisfied card-etoken.c:175:etoken_check_sw: required access right
> not granted card-etoken.c:631:do_compute_signature: returning with:
> Security status not satisfied card-etoken.c:175:etoken_check_sw:
> required access right not granted
> card-etoken.c:631:do_compute_signature: returning with: Security status
> not satisfied sec.c:53:sc_compute_signature: returning with: Security
> status not satisfied pkcs15-sec.c:285:sc_pkcs15_compute_signature:
> sc_compute_signature() failed: Security status not satisfied
> sc_pkcs15_compute_signature() failed: Security status not satisfied
> ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0)
>
> This is happen because openssh never prompt for the pin.
>
> If I use the openssh-agent and ssh-add everything works well.
> ssh-add -s 0
> ssh localhost
>
> --> Have a lot of fun
>
>
> The question now:
> Does Smartcards only work, if I use the ssh-agent or should the "ssh -I
> 0:45 localhost" command also work????


with the current design the use of the agent is strongly recommended

Nils

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
http://www.mindrot.org/mailman/listi...enssh-unix-dev