Nitrokey 3 SSH login with PKCS11

Victor_Bessonov · July 31, 2023, 8:17pm

I’m having a hard time using my Nitrokey 3 with OpenSC PKCS11 module to login via SSH.
It looks like OpenSC tries to use the wrong key or something, when I try to login using opensc-pkcs11.so I get this:

skipping unsupported key type
failed to fetch key
skipping unsupported key type
failed to fetch key
Enter PIN for 'OpenPGP card (User PIN)':
skipping unsupported key type
failed to fetch key
skipping unsupported key type
failed to fetch key
skipping unsupported key type
failed to fetch key
Enter PIN for 'OpenPGP card (User PIN (sig))':
skipping unsupported key type
failed to fetch key

I also created an issue on GitHub OpenSC tracker

Any help appreciated

saper · August 3, 2023, 10:02pm

for archives:

From Nitrokey 3 SSH login with PKCS11 · Issue #2824 · OpenSC/OpenSC · GitHub

Jakuje commented Aug 1, 2023

The OpenSSH does not support Ed25519 keys in PKCS#11:

3202 – Ed25519 key on HSM is not getting listed in ssh-add -l command

There is also a patch for over 2 years: