The Netscape security suite is an implementation of the crypto card framework. This patch introduces the possibility to use it with OpenSSH.
Created attachment 1734: patch adding the functionality
NSS seems like a nicer API than using PKCS#11 directly, but it is still incompatibly licensed. I'd rather see alternate key providers implemented as standalone agents than patches to OpenSSH, but we might need to do some plumbing to make this usable (e.g. multiple agent support).
Why is it incompatibly licensed? The NSS is tri-licensed - MPL, LGPL, and GPL licensed. Both LGPL and MPL should not be incompatible with licenses that apply to OpenSSH code. Of course I'd expect that the NSS support in OpenSSH would always be compiled in only optionally.
Created attachment 1793: new version of the patch. This patch adds library libplc4 to ld to avoid implicit DSO linking.
OpenSSH has had PKCS#11 support for some years now; we don't need another way to get at keys on smartcards.
Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1