
Hi,

Would it be possible to provide an example ssh-server-config that shows how to use a pkcs11 externalkey please? I have had a look through the 6.3.0.76 Windows documentation but don't seem to be able to find an example.

Many Thanks

Stuart

asked Aug 10 '12 at 16:33

Stuart Horler

edited Aug 10 '12 at 16:33


Tectia SSH Server can be configured to use a host certificate from an HSM via PKCS#11 by specifying init-info that depends on the HSM PKCS#11 provider. For example:

    <hostkey>
      <externalkey type="pkcs11" init-info="dll(full_path_to_hsm_pkcs11.dll),slots(5) passphrase(your_hsm_pin)" />
    </hostkey>

A wrong PIN/passphrase, or one that is not specified in init-info while the HSM requires it, causes the server error "External key provider 'pkcs11://0/': no keys found." and Tectia Server fails to start.


answered Mar 11 at 08:09


SSH KB ♦♦
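As an added example (not part of the original answer and not Tectia's own code), the following pre-start check parses the init-info string shown above and flags the conditions the answer mentions: a provider path that is not a full path, and a missing passphrase(...) that would lead to the "no keys found" start-up failure when the HSM requires a PIN. The wrapper element, DLL paths and PIN in the sample are constructed placeholders, and the key(value) parsing assumes values contain no closing parenthesis.

```python
import ntpath
import re
import xml.etree.ElementTree as ET

# Constructed sample: wrapper element, DLL paths and PIN are placeholders.
SAMPLE = r"""<example-root>
  <hostkey>
    <externalkey type="pkcs11"
      init-info="dll(C:\hsm\example_pkcs11.dll),slots(5) passphrase(EXAMPLE-PIN)" />
  </hostkey>
  <hostkey>
    <externalkey type="pkcs11" init-info="dll(example_pkcs11.dll),slots(5)" />
  </hostkey>
</example-root>"""

# key(value) pairs as written in the answer; assumes values contain no ')'.
PAIR = re.compile(r"(\w+)\(([^)]*)\)")

def parse_init_info(text):
    """Split an init-info string into a {key: value} dict."""
    return {k.lower(): v for k, v in PAIR.findall(text)}

def audit_externalkey(init_info):
    """Return a list of findings for one pkcs11 init-info string."""
    fields = parse_init_info(init_info)
    findings = []
    dll = fields.get("dll")
    if not dll:
        findings.append("ERROR: no dll(...) provider given")
    elif not ntpath.isabs(dll):  # Windows path rules, works on any OS
        findings.append("WARN: dll path is not a full path")
    if "passphrase" not in fields:
        findings.append("WARN: no passphrase(...); if the HSM requires a PIN "
                        "the server fails to start with 'no keys found'")
    else:
        findings.append("NOTE: HSM PIN is stored in cleartext; restrict read "
                        "access to this config file")
    return findings

def audit_config(xml_text):
    """Audit every <externalkey type="pkcs11"> element in the document."""
    root = ET.fromstring(xml_text)
    return [audit_externalkey(ek.get("init-info", ""))
            for ek in root.iter("externalkey") if ek.get("type") == "pkcs11"]

if __name__ == "__main__":
    for n, findings in enumerate(audit_config(SAMPLE), 1):
        for f in findings:
            print(f"externalkey #{n}: {f}")
```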

Hi Stuart,

Please confirm if it is client (user) based authentication, or server based authentication you wish to complete?

User authentication with x509 certificates is documented here

Server authentication with x509 certificates is documented here

Thanks, Jamesa

This answer is marked "community wiki".

answered Aug 15 '12 at 10:32

jamesw

edited Mar 11 at 07:53

SSH KB ♦♦


All user contributed content licensed under the cc-by-sa license.