
I'm working on infrastructure that requires me to load a smartcard prior to getting access to the bastions. This is done using a Yubikey based pkcs11.so. The code looks like:

```bash
Generate-ssh() {
   # Remove any previously loaded PKCS#11 keys from the agent
   ssh-add -e /usr/local/lib/opensc-pkcs11.so >> /dev/null
   if [ $? -gt 0 ]; then
       echo "Failed to remove previous card"
   fi
   # Add the smartcard keys; this is the step that prompts for the PIN
   ssh-add -s /usr/local/lib/opensc-pkcs11.so
}
```

The problem

So every time the Generate-ssh() method is run, it asks for the Yubikey pin. I enter the Yubikey pin when prompted, and then all is well, smart card added. My question is: surely this can be automated? Can I not hardcode the Yubikey pin somewhere so that it's automatically parsed?

What I want

I simply want to be able to run the method Generate-ssh(), and the smart card to be added. I don't want the added step of looking for the pin to parse every time I'm using the smartcard.

I tried adding my pin in literal quotes after ssh-add like:

```bash
ssh-add -s /usr/local/lib/opensc-pkcs11.so >> "xtrtaht"
```

I also tried creating variables to then export. The variable would house the pin "xtrtaht", of course.

None of these methods worked.

  • `... >> "xtrtaht"` is the shell syntax to redirect output to a file. Look at your current working directory and you should see a file `"xtrtaht"`. Sorry, don't know how to pass in the key. Maybe try `ssh ... < "xtrtaht"`? But most security utilities expect their input from a live keyboard, and not `std-in` redirection. Look for info on that. If keyboard input is required, you can fake that with the `expect` utility, but that will require some work. Good luck. – shellter Apr 21 '23 at 22:51
  • This is what I'm beginning to think. They've designed it so that a live keyboard is always needed. – sagan cobra Apr 22 '23 at 14:51

0 Answers
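An added example, not part of the original question or its comments: `ssh-add` can take the PKCS#11 PIN from a helper program named in `SSH_ASKPASS` instead of the terminal, so the PIN can stay in a secret store rather than in the script. It assumes OpenSSH 8.4 or later (for `SSH_ASKPASS_REQUIRE`); the `secret-tool` command and its `service yubikey-piv-pin` attribute are hypothetical placeholders for whatever store holds the PIN, and the function names are illustrative.

```shell
#!/bin/sh
# Added example. PKCS11_LIB is the path used in the question.
PKCS11_LIB="${PKCS11_LIB:-/usr/local/lib/opensc-pkcs11.so}"
# Assumption: a command that prints the PIN on stdout. The secret-tool
# attribute pair below is a made-up placeholder, not from the page.
PIN_CMD="${PIN_CMD:-secret-tool lookup service yubikey-piv-pin}"

# Write a private, executable askpass helper and print its path.
# The helper holds only the lookup command, never the PIN itself.
write_askpass() {
    helper="$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX")" || return 1
    chmod 700 "$helper"
    printf '#!/bin/sh\nexec %s\n' "$PIN_CMD" > "$helper"
    printf '%s\n' "$helper"
}

# Reload the smartcard keys into the agent without a terminal prompt.
generate_ssh() {
    askpass="$(write_askpass)" || return 1
    ssh-add -e "$PKCS11_LIB" >/dev/null 2>&1 ||
        echo "Failed to remove previous card" >&2
    rc=0
    # SSH_ASKPASS_REQUIRE=force makes ssh-add run the helper even when a
    # TTY is available; stdin is detached so it cannot fall back to it.
    SSH_ASKPASS="$askpass" SSH_ASKPASS_REQUIRE=force \
        ssh-add -s "$PKCS11_LIB" </dev/null || rc=$?
    rm -f "$askpass"
    return "$rc"
}

# Usage: source this file, then run: generate_ssh
```

Anyone who can run `PIN_CMD` as this user can obtain the PIN, so the card is then only as well protected as that secret store and the login session.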