- (djm) Re-merge OpenSC info into README.smartcard

author: Damien Miller <djm@mindrot.org> 2003-06-10 21:09:09 +1000
committer: Damien Miller <djm@mindrot.org> 2003-06-10 21:09:09 +1000
commit: 78f2e5ca98e36fa9e87e967243aedacde8d64156 (patch)
tree: 409432578d917bdac9ce9f11cb4eb32e3e93c51c
parent: c18c06e131f7b3660fdab6c0d4b6b087274ffb50 (diff)
2 files changed, 37 insertions, 14 deletions
diff --git a/ChangeLog b/ChangeLog
index e2b5de86b..24dfa0be6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,6 @@
 20030609
 - (djm) Sync README.smartcard with OpenBSD -current
+ - (djm) Re-merge OpenSC info into README.smartcard
 20030606
 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
@@ -479,4 +480,4 @@
 - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
   Report from murple@murple.net, diagnosis from dtucker@zip.com.au
-$Id: ChangeLog,v 1.2791 2003/06/10 08:55:22 djm Exp $
+$Id: ChangeLog,v 1.2792 2003/06/10 11:09:09 djm Exp $
diff --git a/README.smartcard b/README.smartcard
index 7bbb0753b..88810fc83 100644
--- a/README.smartcard
+++ b/README.smartcard
@@ -1,13 +1,15 @@
 How to use smartcards with OpenSSH?
 OpenSSH contains experimental support for authentication using
-Cyberflex smartcards and TODOS card readers. To enable this you
+Cyberflex smartcards and TODOS card readers, in addition to the cards 
+with PKCS#15 structure supported by OpenSC. To enable this you
 need to:
-(1) enable SMARTCARD support in OpenSSH:
+Using libsectok:
-        $ ./configure --with-smartcard [...]
+(1) enable sectok support in OpenSSH:
-        and rebuild
+        $ ./configure --with-sectok
 (2) If you have used a previous version of ssh with your card, you
    must remove the old applet and keys.
@@ -44,15 +46,7 @@ need to:
        In spite of the name, this does not generate a key.
        It just loads an already existing key on to the card.
-(5) tell the ssh client to use the card reader:
+(5) Optional: If you don't want to use a card passphrase, change the
-        $ ssh -I 1 otherhost
-(6) or tell the agent (don't forget to restart) to use the smartcard:
-        $ ssh-add -s 1
-(7) Optional: If you don't want to use a card passphrase, change the
    acl on the private key file:
        $ sectok
@@ -65,6 +59,34 @@ need to:
        If you do this, anyone who has access to your card
        can assume your identity.  This is not recommended.
+Using OpenSC:
+(1) install OpenSC:
+        Sources and instructions are available from
+        http://www.opensc.org/
+(2) enable OpenSC support in OpenSSH:
+        $ ./configure --with-opensc[=/path/to/opensc] [options]
+(3) load a RSA key to the card:
+        Not supported yet.
+Common operations:
+(1) tell the ssh client to use the card reader:
+        $ ssh -I 1 otherhost
+(2) or tell the agent (don't forget to restart) to use the smartcard:
+        $ ssh-add -s 1
 -markus,
 Tue Jul 17 23:54:51 CEST 2001
author	Damien Miller <djm@mindrot.org>	2003-06-10 21:09:09 +1000
committer	Damien Miller <djm@mindrot.org>	2003-06-10 21:09:09 +1000
commit	78f2e5ca98e36fa9e87e967243aedacde8d64156 (patch)
tree	409432578d917bdac9ce9f11cb4eb32e3e93c51c
parent	c18c06e131f7b3660fdab6c0d4b6b087274ffb50 (diff)

diff --git a/ChangeLog b/ChangeLog index e2b5de86b..24dfa0be6 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -1,5 +1,6 @@
1	20030609	1	20030609
2	- (djm) Sync README.smartcard with OpenBSD -current	2	- (djm) Sync README.smartcard with OpenBSD -current
		3	- (djm) Re-merge OpenSC info into README.smartcard
3		4
4	20030606	5	20030606
5	- (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@	6	- (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
@@ -479,4 +480,4 @@
479	- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.	480	- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
480	Report from murple@murple.net, diagnosis from dtucker@zip.com.au	481	Report from murple@murple.net, diagnosis from dtucker@zip.com.au
481		482
482	$Id: ChangeLog,v 1.2791 2003/06/10 08:55:22 djm Exp $	483	$Id: ChangeLog,v 1.2792 2003/06/10 11:09:09 djm Exp $


diff --git a/README.smartcard b/README.smartcard index 7bbb0753b..88810fc83 100644 --- a/README.smartcard +++ b/README.smartcard
@@ -1,13 +1,15 @@
1	How to use smartcards with OpenSSH?	1	How to use smartcards with OpenSSH?
2		2
3	OpenSSH contains experimental support for authentication using	3	OpenSSH contains experimental support for authentication using
4	Cyberflex smartcards and TODOS card readers. To enable this you	4	Cyberflex smartcards and TODOS card readers, in addition to the cards
		5	with PKCS#15 structure supported by OpenSC. To enable this you
5	need to:	6	need to:
6		7
7	(1) enable SMARTCARD support in OpenSSH:	8	Using libsectok:
8		9
9	$ ./configure --with-smartcard [...]	10	(1) enable sectok support in OpenSSH:
10	and rebuild	11
		12	$ ./configure --with-sectok
11		13
12	(2) If you have used a previous version of ssh with your card, you	14	(2) If you have used a previous version of ssh with your card, you
13	must remove the old applet and keys.	15	must remove the old applet and keys.
@@ -44,15 +46,7 @@ need to:
44	In spite of the name, this does not generate a key.	46	In spite of the name, this does not generate a key.
45	It just loads an already existing key on to the card.	47	It just loads an already existing key on to the card.
46		48
47	(5) tell the ssh client to use the card reader:	49	(5) Optional: If you don't want to use a card passphrase, change the
48
49	$ ssh -I 1 otherhost
50
51	(6) or tell the agent (don't forget to restart) to use the smartcard:
52
53	$ ssh-add -s 1
54
55	(7) Optional: If you don't want to use a card passphrase, change the
56	acl on the private key file:	50	acl on the private key file:
57		51
58	$ sectok	52	$ sectok
@@ -65,6 +59,34 @@ need to:
65	If you do this, anyone who has access to your card	59	If you do this, anyone who has access to your card
66	can assume your identity. This is not recommended.	60	can assume your identity. This is not recommended.
67		61
		62
		63	Using OpenSC:
		64
		65	(1) install OpenSC:
		66
		67	Sources and instructions are available from
		68	http://www.opensc.org/
		69
		70	(2) enable OpenSC support in OpenSSH:
		71
		72	$ ./configure --with-opensc[=/path/to/opensc] [options]
		73
		74	(3) load a RSA key to the card:
		75
		76	Not supported yet.
		77
		78
		79	Common operations:
		80
		81	(1) tell the ssh client to use the card reader:
		82
		83	$ ssh -I 1 otherhost
		84
		85	(2) or tell the agent (don't forget to restart) to use the smartcard:
		86
		87	$ ssh-add -s 1
		88
		89
68	-markus,	90	-markus,
69	Tue Jul 17 23:54:51 CEST 2001	91	Tue Jul 17 23:54:51 CEST 2001
70		92