Using NitroKey HSM with PuTTY


#1

Hi,
I would like to know how I need to set up PuTTY to use my NitroKey HSM with it. Unfortunately the “Applications” tab on your website (https://www.nitrokey.com/documentation/applications#p:nitrokey-hsm&os:windows&a:ssh-for-server-administration) only explains how to do it with a GPG-compatible NitroKey, but as I understood it, the HSM is not, right?

So I already tried to use the modified pageant.exe from Dr. Peter Koch (http://smartcard-auth.de/ssh-en.html) following his installation instructions (except using version 0.70 instead of 0.68), but the pageant shows my stick as an “Empty Unknown Card”.

Then I tried PuTTY CAC, which should have native support for smart cards and pkcs#11. But there I have the problem that in the newest version from the homepage, I don’t know how to set up my stick (pageant doesn’t show it and the putty settings want a pkcs#11 certificate).
When I use the older version from your driver package, I can specify a pkcs11 library in the settings under “Connection” -> “SSH” -> “Pkcs11” (which is only available in this version, not the others).
Though when I select the pkcs11 dll file from the driver package (the sc-hsm-pkcs11.dll that has been installed into my system32) and then select my NitroKey HSM under “Token label”, the selected smart card disappears as soon as I click in the “Certificate label” field or anywhere else.

Has anyone successfully used his NitroKey HSM for SSH Login via PuTTY on Windows (or any other SSH Client on Windows) and can tell me how to make it work?

Best regards,
Jonas

P.S.: I only wrote in English in order to reach as many people as possible. You can also reply in German.


#2

Hey,

do these two help? raymii and smartcard

Kind regards
Alex

PS: I’ll probably add them to the documentation as well. Thanks for the hint!


#3

Hey,
I already knew the tutorial from Raymii.org. It helped me VERY much understanding how to set up the stick and how the stick works. You should definitely put that somewhere in the documentation.

Sadly, both didn’t help me with setting up a Windows SSH client. Raymii only shows how it works with Linux, and the other link you provided only says that you should set up PuTTY CAC. But as I described, I had problems setting up PuTTY CAC and the other versions :confused:

Best regards,
Jonas


#4

Hi,

okay, I see. Sorry. I need to ask: did you try the Putty-CAC version of the sc-hsm-starterkit which is provided in the second link? They may provide a special version, I don’t know.

I’ll try around a bit myself as soon as my Win10 VM is updated :wink:

Kind regards
Alex


#5

Yes. That was the “older version from your driver package” I talked about in my first post.
But it seems to be bugged, because when I select my Nitrokey and then click somewhere else, it gets deselected automatically…

Thanks for your help :slight_smile:


#6

Hey,

unfortunately, I couldn’t get it working either, I am sorry. I had the same issues you had. The newest version of PuTTY seems to work with pkcs11 certs only, but I don’t know how they would be handled right now. The older version is somehow broken (as you described).

I may have another look at the end of the week.

Kind regards
Alex