sagan cobra

Reputation: 1

Automate parsing yubikey pin in pkcs11

I'm working on infrastructure that requires me to load a smartcard prior to getting access to the bastions. This is done using a Yubikey-based pkcs11.so. The code looks like:

```bash
Generate-ssh() {
   ssh-add -e /usr/local/lib/opensc-pkcs11.so >> /dev/null
   if [ $? -gt 0 ]; then
       echo "Failed to remove previous card"
   fi
   ssh-add -s /usr/local/lib/opensc-pkcs11.so
}
```

The problem

Every time the Generate-ssh() method is run, it asks for the Yubikey PIN. I enter the Yubikey PIN when prompted, and then all is well, smart card added. My question is: surely this can be automated? Can I not hardcode the Yubikey PIN somewhere so that it's automatically parsed?

What I want

I simply want to be able to run the method Generate-ssh(), and the smart card to be added. I don't want the added step of looking for the PIN to parse every time I'm using the smartcard.

I tried adding my PIN in literal quotes after ssh-add like:

```bash
ssh-add -s /usr/local/lib/opensc-pkcs11.so >> "xtrtaht"
```

I also tried creating variables to then export. The variable would house the PIN "xtrtaht", of course.

None of these methods worked.

Upvotes: 0

Views: 412

Answers (1)

Mani MN

Reputation: 1

Try the following:

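```expect
#!/usr/bin/expect

set timeout 10

# Remove any previously added card and wait for that command to finish
spawn ssh-add -e /usr/local/lib/opensc-pkcs11.so
expect eof

# Add the card again and answer the PIN prompt
spawn ssh-add -s /usr/local/lib/opensc-pkcs11.so
expect "Enter passphrase"
send "enter your pin\r"
expect eof
```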

Upvotes: 0
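
An alternative to driving the prompt with expect, added here as an example and not part of either post: ssh-add can obtain the PIN from an askpass helper, which keeps the PIN out of the script and out of process arguments. It assumes OpenSSH 8.4 or later (for `SSH_ASKPASS_REQUIRE`); the PIN file location and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes OpenSSH 8.4 or later,
# which honours SSH_ASKPASS_REQUIRE, and a PIN kept in a private file.
PKCS11_LIB=/usr/local/lib/opensc-pkcs11.so          # path taken from the question
PIN_FILE="${PIN_FILE:-$HOME/.config/yubikey-pin}"   # hypothetical location

# True only for a regular, readable file with no group/other permission bits.
pin_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -r "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Create a throwaway askpass helper and print its path. The helper holds no
# secret: it prints the first line of whatever $PIN_FILE names at run time.
make_askpass() {
    pin_file_is_private "$1" || {
        echo "refusing to use $1: it must be a private (mode 600) file" >&2
        return 1
    }
    helper=$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    printf '#!/bin/sh\nexec head -n 1 "$PIN_FILE"\n' > "$helper"
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# Re-add the card without a terminal prompt (hypothetical function name).
load_smartcard() {
    askpass=$(make_askpass "$PIN_FILE") || return 1
    ssh-add -e "$PKCS11_LIB" >/dev/null 2>&1    # drop a previously added card, if any
    # "force" makes ssh-add call the helper even when a terminal is attached.
    PIN_FILE="$PIN_FILE" SSH_ASKPASS="$askpass" SSH_ASKPASS_REQUIRE=force \
        ssh-add -s "$PKCS11_LIB"
    rc=$?
    rm -f "$askpass"
    return "$rc"
}
```

A wrong PIN in the file is still submitted to the token on every run and counts against its retry limit.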
