author | Damien Miller <djm@mindrot.org> | 2002-04-23 22:48:46 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2002-04-23 22:48:46 +1000 |
commit | f6195f2be82cae07660db8f7c3039567f37ffa74 (patch) | |
tree | 5acf61fca1ea4bc07f5aa180feb78a0724305116 /README.smartcard | |
parent | 654a4ef9699c7e396626abd23d725e8534f953c1 (diff) |
- (djm) Applied OpenSC smartcard updates from Markus &
Antti Tapaninen <aet@cc.hut.fi>
Diffstat (limited to 'README.smartcard')
-rw-r--r-- | README.smartcard | 60 |
1 files changed, 34 insertions, 26 deletions
diff --git a/README.smartcard b/README.smartcard index 3017452c4..29bec8dc6 100644 --- a/README.smartcard +++ b/README.smartcard | |||
@@ -1,31 +1,23 @@ | |||
1 | How to use smartcards with OpenSSH? | 1 | How to use smartcards with OpenSSH? |
2 | 2 | ||
3 | OpenSSH contains experimental support for authentication using | 3 | OpenSSH contains experimental support for authentication using Cyberflex |
4 | Cyberflex smartcards and TODOS card readers, in addition to the cards with | 4 | smartcards and TODOS card readers, in addition to the cards with PKCS#15 |
5 | PKCS #15 structure supported by OpenSC. | 5 | structure supported by OpenSC. |
6 | 6 | ||
7 | WARNING: Smartcard support is still in development. Keyfile formats, etc | 7 | WARNING: Smartcard support is still in development. |
8 | are still subject to change. | 8 | Keyfile formats, etc are still subject to change. |
9 | 9 | ||
10 | To enable this you need to: | 10 | To enable sectok support: |
11 | 11 | ||
12 | (1) install sectok or OpenSC | 12 | (1) install sectok: |
13 | 13 | ||
14 | Sources are instructions are available from | 14 | Sources and instructions are available from |
15 | http://www.citi.umich.edu/projects/smartcard/sectok.html | 15 | http://www.citi.umich.edu/projects/smartcard/sectok.html |
16 | 16 | ||
17 | or | 17 | (2) enable sectok support in OpenSSH: |
18 | |||
19 | http://www.opensc.org/ | ||
20 | |||
21 | (2) enable SMARTCARD support in OpenSSH: | ||
22 | 18 | ||
23 | $ ./configure --with-sectok[=/path/to/libsectok] [options] | 19 | $ ./configure --with-sectok[=/path/to/libsectok] [options] |
24 | 20 | ||
25 | or | ||
26 | |||
27 | $ ./configure --with-opensc[=/path/to/opensc] [options] | ||
28 | |||
29 | (3) load the Java Cardlet to the Cyberflex card: | 21 | (3) load the Java Cardlet to the Cyberflex card: |
30 | 22 | ||
31 | $ sectok | 23 | $ sectok |
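Review bot: step (2) of the new sectok section drops the old "or" between `--with-sectok` and `--with-opensc`, so the README no longer says whether the two configure options are alternatives or can be combined in one build. A sentence after the intro paragraph stating which applies would settle it. In the reflowed WARNING, "Keyfile formats, etc are" should read "etc." with a period.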
@@ -35,12 +27,11 @@ To enable this you need to: | |||
35 | 27 | ||
36 | (4) load a RSA key to the card: | 28 | (4) load a RSA key to the card: |
37 | 29 | ||
38 | please don't use your production RSA keys, since | 30 | Please don't use your production RSA keys, since |
39 | with the current version of sectok/ssh-keygen | 31 | with the current version of sectok/ssh-keygen |
40 | the private key file is still readable | 32 | the private key file is still readable. |
41 | 33 | ||
42 | $ ssh-keygen -f /path/to/rsakey -U 1 | 34 | $ ssh-keygen -f /path/to/rsakey -U <readernum, eg. 0> |
43 | (where 1 is the reader number, you can also try 0) | ||
44 | 35 | ||
45 | In spite of the name, this does not generate a key. | 36 | In spite of the name, this does not generate a key. |
46 | It just loads an already existing key on to the card. | 37 | It just loads an already existing key on to the card. |
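Review bot: in step (4), `$ ssh-keygen -f /path/to/rsakey -U <readernum, eg. 0>` puts angle brackets on a line shown with a shell prompt, and a reader who copies it will have `<` and `>` parsed by the shell as redirections. Suggest keeping a literal value such as `-U 0` and restoring a short line saying that the argument is the reader number, as the removed line 43 did. The warning above it still does not say which private key file remains readable (the one passed to `-f`, or the key as stored on the card); naming it would tell the reader what to protect.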
@@ -65,13 +56,30 @@ To enable this you need to: | |||
65 | wrong passphrase three times in a row, you will | 56 | wrong passphrase three times in a row, you will |
66 | destroy your card. | 57 | destroy your card. |
67 | 58 | ||
68 | (6) tell the ssh client to use the card reader: | 59 | To enable OpenSC support: |
60 | |||
61 | (1) install OpenSC: | ||
62 | |||
63 | Sources and instructions are available from | ||
64 | http://www.opensc.org/ | ||
65 | |||
66 | (2) enable OpenSC support in OpenSSH: | ||
67 | |||
68 | $ ./configure --with-opensc[=/path/to/opensc] [options] | ||
69 | |||
70 | (3) load a RSA key to the card: | ||
71 | |||
72 | Not supported yet. | ||
73 | |||
74 | Common smartcard options: | ||
75 | |||
76 | (1) tell the ssh client to use the card reader: | ||
69 | 77 | ||
70 | $ ssh -I 1 otherhost | 78 | $ ssh -I <readernum, eg. 0> otherhost |
71 | 79 | ||
72 | (7) or tell the agent (don't forget to restart) to use the smartcard: | 80 | (2) or tell the agent (don't forget to restart) to use the smartcard: |
73 | 81 | ||
74 | $ ssh-add -s 1 | 82 | $ ssh-add -s <readernum, eg. 0> |
75 | 83 | ||
76 | -markus, | 84 | -markus, |
77 | Tue Jul 17 23:54:51 CEST 2001 | 85 | Sat Apr 13 13:48:10 EEST 2002 |
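Review bot: in the new OpenSC section, step (3) stops at "Not supported yet." without saying how a key gets onto the card, so an OpenSC user following the README arrives at "Common smartcard options" with nothing to authenticate with. Suggest stating that the card must already hold a key, or pointing to where loading is documented. The warning that ends "three times in a row, you will destroy your card" now sits only inside the sectok section; say whether it also applies to OpenSC cards. On the `ssh -I` and `ssh-add -s` lines, the `<readernum, eg. 0>` placeholder will be parsed by the shell as redirections if copied as written; a literal `0` plus a one-line explanation avoids that.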