Open jmyreen opened 4 years ago
Known issue. Somebody has a pull request in for it: https://github.com/PowerShell/openssh-portable/pull/362
I missed this when I looked for duplicates.
Could this be merged into version 8.1 before the final release. The patch is already 14 months old and support for ssh-add -s
is part of the feature set of OpenSSH v 8, and many versions before that.
2024 and i'm getting the exact same issue.
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
Although this should be fixed (per https://github.com/PowerShell/openssh-portable/pull/537), this continues to be a problem for me as well. I tested using the executables provided in the .zip file on OpenSSH_for_Windows_9.5p1, LibreSSL 3.8.2. (Since per https://github.com/PowerShell/Win32-OpenSSH/issues/1914, the privilege issue for installing may or may not be fixed on the 64-bit version.)
Confirmed as a problem for me as well in 2024, Windows 10 LTSC.
@bannsec , @kayavila , @minfrin , I just re-tested this using both 32 and 64-bit binaries of the latest release (v9.5.0.0p1-Beta) and all smartcard functionality seems to be working well. This also has been reported to be working by others in the past (1, 2, 3, 4).
A few things I would recommend for troubleshooting:
ssh-add -s
will refuse this and that is expected.I'd also add "check path" to your troubleshooting list. Typically you'd have the ssh/ssh-add shipped with Windows in the path before the separately installed ones - and those will not work. Also, make sure the correct ssh agent is started (the service should update automatically to the new path).
Testing v9.5.0.0p1-Beta ssh-add -s [path-to-opensc] works.
When an attempt is made to connect with missing smartcard, I get "agent refused operation" rather than a sensible error message, but I suspect that is an openssh bug.
"OpenSSH for Windows" version
8.1.0.0
Client OperatingSystem Windows 10 Enterprise
What is failing
ssh-add -s 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll'
Using the
-s
"Add keys from PKCS#11 provider", i.e. usingssh-agent
with smart cards does not work.Expected output
Identity added ...
Actual output
Enter passphrase for PKCS#11:
Could not add card "C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll": communication with agent failed
ssh-add
is able to communicate with the agent.ssh-add
without any options adds the default.ssh/id_rsa
file,ssh-add -l
is able to list it.ssh-add -s PKCS#11
does not work, although it does prompt for a PIN, so it obviously recognizes the-s
option.FWIW,
ssh.exe
is able to use a smart card with the option-I 'C:\Program Files\OpenSC Project\OpenSC\pkcs11\opensc-pkcs11.dll'
, it's justssh-agent
that is failing.