author Damien Miller <djm@mindrot.org> 2002-04-23 22:48:46 +1000
committer Damien Miller <djm@mindrot.org> 2002-04-23 22:48:46 +1000
commit f6195f2be82cae07660db8f7c3039567f37ffa74
tree 5acf61fca1ea4bc07f5aa180feb78a0724305116 /README.smartcard
parent 654a4ef9699c7e396626abd23d725e8534f953c1
- (djm) Applied OpenSC smartcard updates from Markus &
Antti Tapaninen <aet@cc.hut.fi>
Diffstat (limited to 'README.smartcard')
-rw-r--r-- README.smartcard 60
1 files changed, 34 insertions, 26 deletions
diff --git a/README.smartcard b/README.smartcard
index 3017452c4..29bec8dc6 100644
--- a/README.smartcard
+++ b/README.smartcard
@@ -1,31 +1,23 @@
1How to use smartcards with OpenSSH? 1How to use smartcards with OpenSSH?
2 2
3OpenSSH contains experimental support for authentication using 3OpenSSH contains experimental support for authentication using Cyberflex
4Cyberflex smartcards and TODOS card readers, in addition to the cards with 4smartcards and TODOS card readers, in addition to the cards with PKCS#15
5PKCS #15 structure supported by OpenSC. 5structure supported by OpenSC.
6 6
7WARNING: Smartcard support is still in development. Keyfile formats, etc 7WARNING: Smartcard support is still in development.
8are still subject to change. 8Keyfile formats, etc are still subject to change.
9 9
10To enable this you need to: 10To enable sectok support:
11 11
12(1) install sectok or OpenSC 12(1) install sectok:
13 13
14 Sources are instructions are available from 14 Sources and instructions are available from
15 http://www.citi.umich.edu/projects/smartcard/sectok.html 15 http://www.citi.umich.edu/projects/smartcard/sectok.html
16 16
17 or 17(2) enable sectok support in OpenSSH:
18
19 http://www.opensc.org/
20
21(2) enable SMARTCARD support in OpenSSH:
22 18
23 $ ./configure --with-sectok[=/path/to/libsectok] [options] 19 $ ./configure --with-sectok[=/path/to/libsectok] [options]
24 20
25 or
26
27 $ ./configure --with-opensc[=/path/to/opensc] [options]
28
29(3) load the Java Cardlet to the Cyberflex card: 21(3) load the Java Cardlet to the Cyberflex card:
30 22
31 $ sectok 23 $ sectok
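Review bot: With the two back-ends split into separate sections, new step (2) under "To enable sectok support:" no longer says how `--with-sectok` relates to `--with-opensc`; the old text joined the two configure lines with "or". State in the intro whether the options are alternatives or can be given together, and point PKCS#15 card users to the OpenSC section so they do not start on the Cyberflex cardlet steps.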
@@ -35,12 +27,11 @@ To enable this you need to:
35 27
36(4) load a RSA key to the card: 28(4) load a RSA key to the card:
37 29
38 please don't use your production RSA keys, since 30 Please don't use your production RSA keys, since
39 with the current version of sectok/ssh-keygen 31 with the current version of sectok/ssh-keygen
40 the private key file is still readable 32 the private key file is still readable.
41 33
42 $ ssh-keygen -f /path/to/rsakey -U 1 34 $ ssh-keygen -f /path/to/rsakey -U <readernum, eg. 0>
43 (where 1 is the reader number, you can also try 0)
44 35
45 In spite of the name, this does not generate a key. 36 In spite of the name, this does not generate a key.
46 It just loads an already existing key on to the card. 37 It just loads an already existing key on to the card.
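Review bot: The warning in step (4) says "the private key file is still readable" without saying which file is meant, the copy on the card or /path/to/rsakey on disk, so the reader cannot tell what exposure to guard against. Name the file and say what the user should do about it. The next changed line also drops the old hint "(where 1 is the reader number, you can also try 0)"; `-U <readernum, eg. 0>` cannot be pasted into a shell as written, so consider keeping a literal number plus the explanatory line.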
@@ -65,13 +56,30 @@ To enable this you need to:
65 wrong passphrase three times in a row, you will 56 wrong passphrase three times in a row, you will
66 destroy your card. 57 destroy your card.
67 58
68(6) tell the ssh client to use the card reader: 59To enable OpenSC support:
60
61(1) install OpenSC:
62
63 Sources and instructions are available from
64 http://www.opensc.org/
65
66(2) enable OpenSC support in OpenSSH:
67
68 $ ./configure --with-opensc[=/path/to/opensc] [options]
69
70(3) load a RSA key to the card:
71
72 Not supported yet.
73
74Common smartcard options:
75
76(1) tell the ssh client to use the card reader:
69 77
70 $ ssh -I 1 otherhost 78 $ ssh -I <readernum, eg. 0> otherhost
71 79
72(7) or tell the agent (don't forget to restart) to use the smartcard: 80(2) or tell the agent (don't forget to restart) to use the smartcard:
73 81
74 $ ssh-add -s 1 82 $ ssh-add -s <readernum, eg. 0>
75 83
76-markus, 84-markus,
77Tue Jul 17 23:54:51 CEST 2001 85Sat Apr 13 13:48:10 EEST 2002
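Review bot: Step (3) of the new OpenSC section reads only "Not supported yet.", which leaves a PKCS#15 user with no documented way to get a key onto the card before reaching "Common smartcard options". Say what the user is expected to do instead, for example that the card must already hold a key loaded by other means, so that `ssh -I` and `ssh-add -s` in the following steps have something to use.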