Am Freitag 09 April 2010 12:09:08 schrieben Sie: > clone 493029 -1 > retitle 493029 please provide a second openssh-client package > # re-closing, see original close message > close 493029 openssh/1:5.4p1-1 > thanks > > On Thu, Apr 08, 2010 at 11:31:28AM +0200, Patrick Winnertz wrote: > > reopen 493029 > > retitle 493029 pkcs#11 not working correctly > > severity 493029 normal > > thanks > > Reopening a bug with seven merged bugs is going to get very confusing > very quickly, so let's not do that. I've cloned off a new bug instead, > and am re-closing the original. > > > thanks for your efforts on openssh. However it would be very nice if you > > could add some documentation how to use the new pkcs#11 feature of > > openssh... as simply doing a ssh-add -s 0 doesn't work anymore... > > although according to pkcs11-tool my card is in the 0 slot.... > > Note that I didn't develop this feature and I don't have any smartcard > hardware myself. > > > As I've not figured out how this should work after several hours of > > digging in the net, I'm reopening the bug again, change title and > > severity as it now a bug in a package and not longer a whislist bug. > > > > This is the output of ssh-add -s 0: > > Enter passphrase for PKCS#11: > > SSH_AGENT_FAILURE > > Could not add card: 0 > > > > Hope to get some more detailed instructions soon. > > Is there anything interesting in /var/log/auth.log? > > Firstly, if you've just upgraded but haven't logged back out and in > again yet, then you may have an old version of ssh-agent running. In > that case you'll see something like this: > > Apr 9 10:54:33 sarantium ssh-agent[2948]: error: Unknown message 20 > > Secondly, you might see something like this: > > Apr 9 10:57:03 sarantium ssh-pkcs11-helper[5995]: error: dlopen 0 > failed: 0: cannot open shared object file: No such file or directory > > That's because '-s 0' is no longer the correct syntax. The ssh-add(1) > manual page says: > > -e pkcs11 > Remove keys provided by the PKCS#11 shared library pkcs11. > > ... and '0' is clearly not a shared library. Based on > http://www.opensc-project.org/opensc/wiki/OpenSSH (you may have to use > Google's cache; the primary site seemed to be down when I tried), I > think the correct syntax would be: > > ssh-add -s /usr/lib/opensc-pkcs11.so > > When I do this, I get: > > Apr 9 11:08:02 sarantium ssh-pkcs11-helper[6477]: error: no slots > > ... but of course I have no smartcard hardware as mentioned above. > Still, does this get you any further?
Yepp, I've figured it out several hours later that the option to ssh-add stayed the same, but the argument it needs has changed... that's in my eyes not the best way to be honest. At least a warning message: please read manpage, the argument to -s has changed! would be appropriate. Greetings Winnie -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
