Hi,
I figured out what the problem with openssh was. SSH never asks for the
PIN because it expects the PIN to be distributed by the ssh-agent. I tried to
modify my OS system (SuSE 9.2) to start the x-session through ssh-agent
as written in the SuSE-Admin-Guide so it distributes the PIN, but it
doesn't work to startx through ssh-agent. Now I have modified the source
code of openssh to ask for the PIN, and it works. This way is fine if
you use the eToken Pro, but I am not sure what happens if you have a
reader with a PIN pad. So please, maybe someone can complete this
topic ...
If someone is interested in the code modification, just send me an email ...
Boris

Stef Hoeben wrote:
Hi,
The "'tbsCertificate' not found" could mean that there is an empty
certificate file on the card (or one with zeros).
The sc_read_pubkey() function indicates something else, but this
function isn't in the current CVS HEAD (which version do you use)?
Could you perhaps try "pkcs15-tool -c -k", and then "pkcs15-tool -r <certID>"
for both certs on the card.
And perhaps "pkcs11-tool -t -l" to check the entire card?
About the "required access right not granted", did you enter your PIN after
the "ssh -I 0:46 user@server"?
Best regards,
Stef

Boris von Alten Blaskowitz wrote:
Hi,
My system:
I have a new problem with openSSH and eToken Pro.
My Card has 2 Private Keys and 2 Certs.
Key1(ID45) and Cert1 were generated with openssl-engine. Key1(ID46) and
Cert2 were generated with openssl and moved to the token with pkcs15-init.
The command
ssh -I 0:45 user@server
causes:
asn1.c:1071:asn1_decode: mandatory ASN.1 object 'tbsCertificate' not found
asn1.c:1083:asn1_decode: returning with: Required ASN.1 object not found
pkcs15-cert.c:88:parse_x509_cert: ASN.1 parsing of certificate failed: Required ASN.1 object not found
Certificate read faild: invalid ASN.1 object
sc_read_pubkey failed: Invalid ASN.1 object
What is this object?
Command: ssh -I 0:46 user@server
causes:
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied
card-etoken.c:175:etoken_check_sw: required access right not granted
card-etoken.c:631:do_compute_signature: returning with: Security status not satisfied
sec.c:53:sc_compute_signature: returning with: Security status not satisfied
pkcs15-sec.c:285:sc_pkcs15_compute_signature: sc_compute_signature() failed: Security status not satisfied
sc_pkcs15_compute_signature() failed: Security status not satisfied
ssh_rsa_sign: RSA_sign failed: error:00000000:lib(0):func(0):reason(0)
Is there anyone who has a clue what this means?
Thanks so far
Boris