Open cyberduck opened 9 years ago
@dkocher commented
It should be possible that you add the keys from the SmartCard to the OpenSSH agent using ssh-add
.
6959b9a commented
Replying to [comment:1 dkocher]:
It should be possible that you add the keys from the SmartCard to the OpenSSH agent using
ssh-add
.
yes, but I don't want the private key to be stored in ssh-agent or cached
@dkocher commented
Are the keys from the smart card accessible from Keychain Access.app?
@dkocher commented
Replying to [comment:3 dkocher]:
Are the keys from the smart card accessible from Keychain Access.app?
Not sure if you will have to install the SmartCard Services.
6959b9a commented
As OpenSSH is expecting a PKCS11 "format" Card, I use the OpenSC library (opensc-pkcs11.so) for SSH command line authentification. The SmartCard content doesn't appear in the KeyChain, if I'm not mistaken the SmartCard Services (TokenD) has been abandoned by Apple and now use PCSC ( wich doesn't seeam usable with OpenSSH)
@dkocher commented
On a side note we have updated our instructions to use Cyberduck with Google Authenticator (or other token based systems) which might be a suitable alternative.
@dkocher commented
f0de763 commented
Adding support for this ticket - some of us REALLY need a way to use PKCS devices with SFTP
1e00fd5 commented
A YubiKey should work well for this, if you're using OpenSSH.
2df493a commented
On MacOS 10.15 Catalina at least, I can use native ssh client with "PKCS11Provider /usr/lib/ssh-keychain.dylib" in the ~/.ssh/config file and Yubikey works for passwordless login. This is apparently supported since MacOS High Sierra. Cyberduck should also support this since it's build in to MacOS.
Hi, it would be nice if CyberDuck could be able use the PKCS11Provider option as it's already able to use the IdentityFile line of openssh config this way it could manage SmartCard authentification
kind regards