-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | Makefile.in | 11 | ||||
-rw-r--r-- | README.smartcard | 69 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | scard/Makefile.in | 27 |
5 files changed, 110 insertions, 5 deletions
@@ -2,6 +2,8 @@ | |||
2 | - (djm) Configure support for smartcards. Based on Ben's work. | 2 | - (djm) Configure support for smartcards. Based on Ben's work. |
3 | - (djm) Revert setgroups call, it causes problems on OS-X | 3 | - (djm) Revert setgroups call, it causes problems on OS-X |
4 | - (djm) Avoid warning on BSDgetopt | 4 | - (djm) Avoid warning on BSDgetopt |
5 | - (djm) More makefile infrastructre for smartcard support, also based | ||
6 | on Ben's work | ||
5 | 7 | ||
6 | 20010917 | 8 | 20010917 |
7 | - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds | 9 | - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds |
@@ -6462,4 +6464,4 @@ | |||
6462 | - Wrote replacements for strlcpy and mkdtemp | 6464 | - Wrote replacements for strlcpy and mkdtemp |
6463 | - Released 1.0pre1 | 6465 | - Released 1.0pre1 |
6464 | 6466 | ||
6465 | $Id: ChangeLog,v 1.1527 2001/09/18 05:05:20 djm Exp $ | 6467 | $Id: ChangeLog,v 1.1528 2001/09/18 05:06:21 djm Exp $ |
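--- a/Makefile.in
+++ b/Makefile.in
@@ -1,10 +1,11 @@
-# $Id: Makefile.in,v 1.185 2001/09/17 21:34:33 tim Exp $
+# $Id: Makefile.in,v 1.186 2001/09/18 05:06:22 djm Exp $
 
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 bindir=@bindir@
 sbindir=@sbindir@
 libexecdir=@libexecdir@
+datadir=@datadir@
 mandir=@mandir@
 mansubdir=@mansubdir@
 sysconfdir=@sysconfdir@
@@ -149,6 +150,7 @@ distclean:
 rm -f *.out core
 rm -f Makefile config.h config.status ssh_prng_cmds *~
 (cd openbsd-compat; $(MAKE) distclean)
+(cd scard; $(MAKE) distclean)
 
 veryclean:
 rm -f configure config.h.in *.0
@@ -169,14 +171,19 @@ catman-do:
 
 distprep: catman-do
 autoreconf
+(cd scard ; $(MAKE) -f Makefile.in distprep)
 
 install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
 install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
 
-install-files:
+scard-install:
+(cd scard; $(MAKE) DESTDIR=$(DESTDIR) install)
+
+install-files: scard-install
 $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
 $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+$(srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
 $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
 $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)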
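Review bot: The three new sub-make recipes join `cd scard` and `$(MAKE)` with `;`, so if the directory change fails the sub-make still runs, in the top-level directory; for `scard-install` that would re-enter `install`, `install-files` and `scard-install` again, and for `distclean` it would re-enter `distclean`. Writing them as `(cd scard && $(MAKE) distclean)`, `(cd scard && $(MAKE) -f Makefile.in distprep)` and `(cd scard && $(MAKE) DESTDIR=$(DESTDIR) install)` turns a missing directory into a hard failure. The existing openbsd-compat line uses the same `;` form, so the new lines match the file's style but inherit its weakness. Separately, `install-files: scard-install` runs the smartcard install on every `make install`; nothing in these hunks makes it conditional on smartcard support being configured, so if that is intended a comment above `scard-install` should say so. The `install-files` recipe continues outside the hunk.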
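--- /dev/null
+++ b/README.smartcard
@@ -0,0 +1,69 @@
+How to use smartcards with OpenSSH?
+
+OpenSSH contains experimental support for authentication using
+Cyberflex smartcards and TODOS card readers. To enable this you
+need to:
+
+(1) install sectok
+
+$ cd /usr/src/lib/libsectok
+$ make obj depend all install includes
+$ cd /usr/src/usr.bin/sectok
+$ make obj depend all install
+
+(2) enable SMARTCARD support in OpenSSH:
+
+$ vi /usr/src/usr.bin/ssh/Makefile.inc
+and uncomment
+CFLAGS+= -DSMARTCARD
+LDADD+= -lsectok
+
+(3) load the Java Cardlet to the Cyberflex card:
+
+$ sectok
+sectok> login -d
+sectok> jload /usr/libdata/ssh/Ssh.bin
+sectok> quit
+
+(4) load a RSA key to the card:
+
+please don't use your production RSA keys, since
+with the current version of sectok/ssh-keygen
+the private key file is still readable
+
+$ ssh-keygen -f /path/to/rsakey -U 1
+(where 1 is the reader number, you can also try 0)
+
+In spite of the name, this does not generate a key.
+It just loads an already existing key on to the card.
+
+(5) optional:
+
+Change the card password so that only you can
+read the private key:
+
+$ sectok
+sectok> login -d
+sectok> setpass
+sectok> quit
+
+This prevents reading the key but not use of the
+key by the card applet.
+
+Do not forget the passphrase. There is no way to
+recover if you do.
+
+IMPORTANT WARNING: If you attempt to login with the
+wrong passphrase three times in a row, you will
+destroy your card.
+
+(6) tell the ssh client to use the card reader:
+
+$ ssh -I 1 otherhost
+
+(7) or tell the agent (don't forget to restart) to use the smartcard:
+
+$ ssh-add -s 1
+
+-markus,
+Tue Jul 17 23:54:51 CEST 2001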
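--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# $Id: configure.in,v 1.310 2001/09/18 04:01:12 djm Exp $
+# $Id: configure.in,v 1.311 2001/09/18 05:06:22 djm Exp $
 
 AC_INIT(ssh.c)
 
@@ -2058,7 +2058,7 @@ fi
 
 AC_EXEEXT
 
-AC_OUTPUT(Makefile openbsd-compat/Makefile ssh_prng_cmds)
+AC_OUTPUT(Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds)
 
 # Print summary of options
 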
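--- /dev/null
+++ b/scard/Makefile.in
@@ -0,0 +1,27 @@
+# $Id: Makefile.in,v 1.1 2001/09/18 05:06:22 djm Exp $
+
+prefix=@prefix@
+datadir=@datadir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+
+INSTALL=@INSTALL@
+
+VPATH=@srcdir@
+
+all:
+
+Ssh.bin: Ssh.bin.uu
+uudecode Ssh.bin.uu
+
+clean:
+rm -rf Ssh.bin
+
+distprep: Ssh.bin
+
+distclean: clean
+rm -f Makefile *~
+
+install: Ssh.bin
+$(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
+$(INSTALL) -m 0644 -s $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin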
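Review bot: The `install` recipe passes `-s` to `$(INSTALL)` for `Ssh.bin`, which is installed as a 0644 data file under `$(datadir)` and, going by README.smartcard in this commit, is the card applet loaded with `jload` rather than a host executable; stripping it is at best a no-op and may fail or alter the file depending on the install program. I would drop the flag: `$(INSTALL) -m 0644 $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin`. The recipe also installs from `$(srcdir)` while `uudecode Ssh.bin.uu` names its input without a directory and writes to whatever name the encoded header gives, so a build outside the source tree would likely not find either file unless `distprep` already produced `Ssh.bin` in the source directory. Since this blob ends up on an authentication token, a comment above the `Ssh.bin` rule stating how `Ssh.bin.uu` was produced would help anyone who needs to verify it.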