SSH Agent PKCS11 Support

[yan4321]

Currently PKCS11 keys work when using the SSH client with the -I switch (with PRs #331 and, if building with VS2017 #322).
In the SSH agent though there is no support for adding/removing/signing PKCS11 keys.
This PR aims to add this functionality to the Windows SSH agent.
(#322 is needed if building with VS2017)
Tested with Yubikey 4 Nano, Yubikey 4 and SoftHSM2.

[msftclas]

All CLA requirements met.

[WSLUser]

@yan4321 Can you rebase off current master (and fix any conflicts)? @manojampalam when can we have this support added?

[WSLUser]

@bagajjal Can we merge this in?

[grinsekatz74]

Any news on this merge request? Having PKCS11 support for the ssh-agent would be really useful.

[midnight-run]

Any news for this merge request?

[bagajjal]

@yan4321 - Please rebase and provide the steps to verify the functionality.

[tecandrew]

Any updates for this request?

[fouwels]

Any news on this getting merged in?

[MrTinnysis]

Any news on this? Can I assist? I could provide steps for testing with Yubikey.

[yan4321]

@WSLUser , @manojampalam , @bagajjal , I would like to continue progress on this so we can merge it. I would need to resign the CLA. Can you please assist with terminating my previous signature, so I can resign it? You can follow the instructions here and use the following body/params for the request:

{
  "user": "yan4321",
  "userId": "1812956",
  "endDate": "2019-08-10T00:00:00.000Z",
  "owner": "PowerShell",
  "repo": "openssh-portable"
}

Thank you.

[bagajjal]

@yan4321 - I'm getting mallformed or illegal request when tried in postman.
fyi, I used bearer token as my github token.

[yan4321]

@bagajjal , Thank you. It looks like you were trying to send a GET request instead of POST.
Attached below is my attempt with postman. Since the body is exactly the same I included the headers tab for reference. Please note that your GitHub token needs to be under the x-token header key. I am getting "401 unauthorized" response (as expected).

Alternativly, it might be simpler to issue the following curl command:

curl -H "x-token: <github_token_here>" -H "Content-Type: application/json" -X POST -d @/c/path_to_file/body.json https://cla-assistant.io/api/cla/terminateSignature

And replace <github_token_here> with your GitHub token and /c/path_to_file/body.json with the location of the json file containing the request body.

Appreciate your help!

[bagajjal]

@yan4321 - I' m still getting an error

[yan4321]

Thanks, @bagajjal.
Can you please try again? (It might have been resolved since)
If you're still getting "internal server error", can you please open an issue with the cla-assistant project here. (I cannot repro this issue since I'm not an admin of this repo)
(Also, since this is not directly related to this PR, feel free to email me via the email listed in my Github profile, and we can resolve this on a side channel.)
Thanks again.

[bagajjal]

@yan4321 - I still get the same error. I created the issue,
cla-assistant/cla-assistant#672.

I sent an email to you. If LCA issue takes more time then I will do the necessary changes to get this PR checkin.

[bagajjal]

@yan4321 - Your signature is removed now.

[fouwels]

Any news of this being merged? This is highly significant for allowing smart card based SSH agent forwarding

[ryandeivert]

I'm hoping someone can take a look at a new PR I've opened that attempts to address the merge conflicts in this PR: #533

[jdewitee]

Will this be available in a release of Win32-OpenSSH any time soon?
I am trying to use yubikey with ssh-agent "ssh-add -s pkcs11" but it fails with error "communication with agent failed"

[bagajjal]

tracking as part of #537