Background: I am currently trying to automate some server processes and want a special user to connect via ssh from one server to the next. Without an HSM I could use keys without a passphrase, so that a public key (only) login is possible. I am now trying to secure the private key by using the HSM.
I am currently running into the problem that I can’t provide the user PIN for the HSM when I am using the ssh configuration with “PKCS11Provider /usr/local/lib/opensc-pkcs11.so”.
I could ignore the errors I get out of the library (C-GetAttributeValue failed: 18), but then I need to enter the user PIN. (The connection then works.)
Question: Is there a trick to also provide the HSM user PIN to the library? Maybe a special setting in opensc.conf?
[Update] The errors “C-GetAttributeValue failed:18” are from keys on the HSM that could not be used with OpenSSH - strange behaviour of the opensc-pkcs11.so lib (should not throw an error).