-rw-r--r-- | ChangeLog | 3 | ||||
-rw-r--r-- | README.smartcard | 48 |
2 files changed, 37 insertions, 14 deletions
@@ -1,5 +1,6 @@ | |||
1 | 20030609 | 1 | 20030609 |
2 | - (djm) Sync README.smartcard with OpenBSD -current | 2 | - (djm) Sync README.smartcard with OpenBSD -current |
3 | - (djm) Re-merge OpenSC info into README.smartcard | ||
3 | 4 | ||
4 | 20030606 | 5 | 20030606 |
5 | - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@ | 6 | - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@ |
@@ -479,4 +480,4 @@ | |||
479 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. | 480 | - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. |
480 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au | 481 | Report from murple@murple.net, diagnosis from dtucker@zip.com.au |
481 | 482 | ||
482 | $Id: ChangeLog,v 1.2791 2003/06/10 08:55:22 djm Exp $ | 483 | $Id: ChangeLog,v 1.2792 2003/06/10 11:09:09 djm Exp $ |
diff --git a/README.smartcard b/README.smartcard index 7bbb0753b..88810fc83 100644 --- a/README.smartcard +++ b/README.smartcard | |||
@@ -1,13 +1,15 @@ | |||
1 | How to use smartcards with OpenSSH? | 1 | How to use smartcards with OpenSSH? |
2 | 2 | ||
3 | OpenSSH contains experimental support for authentication using | 3 | OpenSSH contains experimental support for authentication using |
4 | Cyberflex smartcards and TODOS card readers. To enable this you | 4 | Cyberflex smartcards and TODOS card readers, in addition to the cards |
5 | with PKCS#15 structure supported by OpenSC. To enable this you | ||
5 | need to: | 6 | need to: |
6 | 7 | ||
7 | (1) enable SMARTCARD support in OpenSSH: | 8 | Using libsectok: |
8 | 9 | ||
9 | $ ./configure --with-smartcard [...] | 10 | (1) enable sectok support in OpenSSH: |
10 | and rebuild | 11 | |
12 | $ ./configure --with-sectok | ||
11 | 13 | ||
12 | (2) If you have used a previous version of ssh with your card, you | 14 | (2) If you have used a previous version of ssh with your card, you |
13 | must remove the old applet and keys. | 15 | must remove the old applet and keys. |
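Review bot: the libsectok step (1) drops the "and rebuild" line that followed the old configure command, so the instructions now stop at "$ ./configure --with-sectok"; keep a rebuild step after it. The old command also carried "[...]" for further configure options and the new one does not, which is inconsistent with the "[options]" shown next to --with-opensc later in the file.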
@@ -44,15 +46,7 @@ need to: | |||
44 | In spite of the name, this does not generate a key. | 46 | In spite of the name, this does not generate a key. |
45 | It just loads an already existing key on to the card. | 47 | It just loads an already existing key on to the card. |
46 | 48 | ||
47 | (5) tell the ssh client to use the card reader: | 49 | (5) Optional: If you don't want to use a card passphrase, change the |
48 | |||
49 | $ ssh -I 1 otherhost | ||
50 | |||
51 | (6) or tell the agent (don't forget to restart) to use the smartcard: | ||
52 | |||
53 | $ ssh-add -s 1 | ||
54 | |||
55 | (7) Optional: If you don't want to use a card passphrase, change the | ||
56 | acl on the private key file: | 50 | acl on the private key file: |
57 | 51 | ||
58 | $ sectok | 52 | $ sectok |
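Review bot: with old steps (5) and (6) removed here, the libsectok section no longer says how to use the card once the key is loaded; it now ends on the optional passphrase step (5). Add a one-line pointer to "Common operations" after the key-loading step so a reader following only this section finds the "ssh -I" and "ssh-add -s" commands.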
@@ -65,6 +59,34 @@ need to: | |||
65 | If you do this, anyone who has access to your card | 59 | If you do this, anyone who has access to your card |
66 | can assume your identity. This is not recommended. | 60 | can assume your identity. This is not recommended. |
67 | 61 | ||
62 | |||
63 | Using OpenSC: | ||
64 | |||
65 | (1) install OpenSC: | ||
66 | |||
67 | Sources and instructions are available from | ||
68 | http://www.opensc.org/ | ||
69 | |||
70 | (2) enable OpenSC support in OpenSSH: | ||
71 | |||
72 | $ ./configure --with-opensc[=/path/to/opensc] [options] | ||
73 | |||
74 | (3) load a RSA key to the card: | ||
75 | |||
76 | Not supported yet. | ||
77 | |||
78 | |||
79 | Common operations: | ||
80 | |||
81 | (1) tell the ssh client to use the card reader: | ||
82 | |||
83 | $ ssh -I 1 otherhost | ||
84 | |||
85 | (2) or tell the agent (don't forget to restart) to use the smartcard: | ||
86 | |||
87 | $ ssh-add -s 1 | ||
88 | |||
89 | |||
68 | -markus, | 90 | -markus, |
69 | Tue Jul 17 23:54:51 CEST 2001 | 91 | Tue Jul 17 23:54:51 CEST 2001 |
70 | 92 | ||
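Review bot: OpenSC step (3) reads "Not supported yet." and gives no other way to get a key onto the card, so a reader on the OpenSC path reaches "Common operations" without a usable card; state how the key is expected to be placed there (for example with OpenSC's own tools) or that the card must already hold one. In "Common operations" the argument 1 in "$ ssh -I 1 otherhost" and "$ ssh-add -s 1" is not explained, and it is not stated whether it means the same thing for both backends. Smaller points: "a RSA key" should be "an RSA key", and the 2001 signature at the end of the file now sits under text added in this 20030609 change.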