search

iterate-ch / cyberduck

Cyberduck is a libre FTP, SFTP, WebDAV, Amazon S3, Backblaze B2, Microsoft Azure & OneDrive and OpenStack Swift file transfer client for Mac and Windows.
https://cyberduck.io/
GNU General Public License v3.0
3.12k stars 283 forks source link

Support authentication with private key from SmartCard (PKCS11) #8401

Open cyberduck opened 9 years ago

cyberduck commented 9 years ago

6959b9a created the issue

Hi, it would be nice if CyberDuck could be able use the PKCS11Provider option as it's already able to use the IdentityFile line of openssh config this way it could manage SmartCard authentification

kind regards

cyberduck commented 9 years ago

@dkocher commented

It should be possible that you add the keys from the SmartCard to the OpenSSH agent using ssh-add.

cyberduck commented 9 years ago

6959b9a commented

Replying to [comment:1 dkocher]:

It should be possible that you add the keys from the SmartCard to the OpenSSH agent using ssh-add.

yes, but I don't want the private key to be stored in ssh-agent or cached

cyberduck commented 9 years ago

@dkocher commented

Are the keys from the smart card accessible from Keychain Access.app?

cyberduck commented 9 years ago

@dkocher commented

Replying to [comment:3 dkocher]:

Are the keys from the smart card accessible from Keychain Access.app?

Not sure if you will have to install the SmartCard Services.

cyberduck commented 9 years ago

6959b9a commented

As OpenSSH is expecting a PKCS11 "format" Card, I use the OpenSC library (opensc-pkcs11.so) for SSH command line authentification. The SmartCard content doesn't appear in the KeyChain, if I'm not mistaken the SmartCard Services (TokenD) has been abandoned by Apple and now use PCSC ( wich doesn't seeam usable with OpenSSH)

cyberduck commented 9 years ago

@dkocher commented

On a side note we have updated our instructions to use Cyberduck with Google Authenticator (or other token based systems) which might be a suitable alternative.

cyberduck commented 8 years ago

@dkocher commented

9318 closed as duplicate.

cyberduck commented 8 years ago

f0de763 commented

Adding support for this ticket - some of us REALLY need a way to use PKCS devices with SFTP

cyberduck commented 7 years ago

1e00fd5 commented

A YubiKey should work well for this, if you're using OpenSSH.

cyberduck commented 3 years ago

2df493a commented

On MacOS 10.15 Catalina at least, I can use native ssh client with "PKCS11Provider /usr/lib/ssh-keychain.dylib" in the ~/.ssh/config file and Yubikey works for passwordless login. This is apparently supported since MacOS High Sierra. Cyberduck should also support this since it's build in to MacOS.