New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support authentication with private key from SmartCard (PKCS11) #8401
Comments
It should be possible that you add the keys from the SmartCard to the OpenSSH agent using |
Replying to [comment:1 dkocher]:
yes, but I don't want the private key to be stored in ssh-agent or cached |
Are the keys from the smart card accessible from Keychain Access.app? |
Replying to [comment:3 dkocher]:
Not sure if you will have to install the SmartCard Services. |
As OpenSSH is expecting a PKCS11 "format" Card, I use the OpenSC library (opensc-pkcs11.so) for SSH command line authentification. |
On a side note we have updated our instructions to use Cyberduck with Google Authenticator (or other token based systems) which might be a suitable alternative. |
Adding support for this ticket - some of us REALLY need a way to use PKCS devices with SFTP |
A YubiKey should work well for this, if you're using OpenSSH. |
On MacOS 10.15 Catalina at least, I can use native ssh client with "PKCS11Provider /usr/lib/ssh-keychain.dylib" in the ~/.ssh/config file and Yubikey works for passwordless login. This is apparently supported since MacOS High Sierra. Cyberduck should also support this since it's build in to MacOS. |
Hi,
it would be nice if CyberDuck could be able use the PKCS11Provider option
as it's already able to use the IdentityFile line of openssh config
this way it could manage SmartCard authentification
kind regards
The text was updated successfully, but these errors were encountered: