SSH authentication using OpenPGP 2.0 smartcard

Patryk Cisek patryk at debian.org
Wed Jan 26 08:20:12 CET 2011


On Tue, Jan 25, 2011 at 12:16:02PM -0500, Grant Olson wrote:
> Did you create an authentication key?  You might only have signing and
> encryption keys.  You need a third key for authentication.  (A quick
> look at pool.keyservers.net doesn't show an auth subkey.)
Yes, I've got an authentication key:

$ ssh-add -l
1024 5d:20:6f:a5:ce:1e:a9:7c:04:57:89:5c:39:d9:93:52 cardno:00050000009E (RSA)

$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCiJsvSMy8riHYtEAp2rzXuKojMLYV17lmONjQQFX0iyn7Lvj+vX7fbDZTQFXFVIsoJ+xodg7wnnEZ6yRC6jKWDlxXTz33j58Lsb1IhrAvE6W6J2xlp1Vy9NG2QxLB/ua8Sjsd5pkW9O/iq/WqTCe+aANCwJZaEmJSjxA5qQzsCUQ== cardno:00050000009E
$ /usr/local/bin/gpg2 --card-status 
Application ID ...: D27600012401020000050000009E0000
Version ..........: 2.0
Manufacturer .....: ZeitControl
Serial number ....: 0000009E
Name of cardholder: Patryk Cisek
Language prefs ...: en
Sex ..............: male
URL of public key : [not set]
Login data .......: patryk
Signature PIN ....: forced
Key attributes ...: 1024R 1024R 1024R
Max. PIN lengths .: 32 32 32
PIN retry counter : 3 0 3
Signature counter : 177
Signature key ....: FDB4 BB34 728E 9F2B 5FD1  4087 0086 2F45 F39C 318F
      created ....: 2010-05-09 15:36:43
Encryption key....: 153C C0D0 F94A 4F81 94CC  4B58 811F 4C7E FA9A 8135
      created ....: 2010-05-03 09:19:49
Authentication key: B264 C524 FDF1 4F3F AD35  7952 2867 6067 9789 6319
      created ....: 2010-05-03 09:20:13
General key info..: pub  1024R/F39C318F 2010-05-09 Patryk Cisek <patryk at prezu.one.pl>
sec#  1024D/D86A66BA  created: 2004-06-14  expires: never     
ssb>  1024R/F39C318F  created: 2010-05-09  expires: 2011-05-09
                      card-no: 0005 0000009E
ssb#  1024g/482F585B  created: 2004-06-14  expires: never

Have you got any idea what might have been wrong with it?
My card reader is a CCID device, so there should be no problem with it:

$ lsusb
Bus 002 Device 003: ID 076b:3021 OmniKey AG CardMan 3121
...

