The documentation for setting up SSH shows how to create id_ecdsa_sk public/private pairs.
This works well when id_ecdsa_sk is supported, unfortunately it doesn’t work if you have to connect to older servers, and some sites (Bitbucket, Gitea’s tea command for e.g.) still don’t support
So I would like to be able to store an SSH key (RSA) on the Nitrokey.
I’ve looked into smart-card support, and spent quite some time to get this working on Arch Linux, but uploading the key always gave an obscure error.
(In case it helps, I’m running firmware 1.5.0.)
$ p11tool \
    --admin-login \
    --generate-privkey rsa \
    --bits 1024 \
    --label "MySSH" \
    "pkcs11:model=p11-kit-trust;manufacturer=PKCS%2311%20Kit;serial=1;token=Default%20Trust"
Error in pkcs11_generate:1434: PKCS #11 error in token

$ pkcs11-tool \
    --module /usr/lib/opensc-pkcs11.so \
    -l \
    --pin 654321 \
    --keypairgen \
    --key-type rsa:1024 \
    --id 0
Using slot 0 with a present token (0x0)
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_FUNCTION_NOT_SUPPORTED (0x54)
Aborting.
However, I’m wondering if this is even the most straightforward way of storing SSH-RSA keys.
I saw something about GPG being able to store SSH keys too. Are there steps to use SSH-RSA keys on the NK3, or some general advice on storing existing SSH keys on the NK3?