5 files changed, 110 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 93a9852fe..8a2c50d24 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
 - (djm) Configure support for smartcards. Based on Ben's work.
 - (djm) Revert setgroups call, it causes problems on OS-X
 - (djm) Avoid warning on BSDgetopt
+ - (djm) More makefile infrastructre for smartcard support, also based
+   on Ben's work
 20010917
 - (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
@@ -6462,4 +6464,4 @@
 - Wrote replacements for strlcpy and mkdtemp
 - Released 1.0pre1
-$Id: ChangeLog,v 1.1527 2001/09/18 05:05:20 djm Exp $
+$Id: ChangeLog,v 1.1528 2001/09/18 05:06:21 djm Exp $
diff --git a/Makefile.in b/Makefile.in
index 1bdc865b7..17565d837 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,10 +1,11 @@
-# $Id: Makefile.in,v 1.185 2001/09/17 21:34:33 tim Exp $
+# $Id: Makefile.in,v 1.186 2001/09/18 05:06:22 djm Exp $
 prefix=@prefix@
 exec_prefix=@exec_prefix@
 bindir=@bindir@
 sbindir=@sbindir@
 libexecdir=@libexecdir@
+datadir=@datadir@
 mandir=@mandir@
 mansubdir=@mansubdir@
 sysconfdir=@sysconfdir@
@@ -149,6 +150,7 @@ distclean:
        rm -f *.out core
        rm -f Makefile config.h config.status ssh_prng_cmds *~
        (cd openbsd-compat; $(MAKE) distclean)
+        (cd scard; $(MAKE) distclean)
 veryclean:
        rm -f configure config.h.in *.0
@@ -169,14 +171,19 @@ catman-do:
 distprep: catman-do
        autoreconf
+        (cd scard ; $(MAKE) -f Makefile.in distprep)
 install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
 install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
-install-files:
+scard-install:
+        (cd scard; $(MAKE) DESTDIR=$(DESTDIR) install)
+install-files: scard-install
        $(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
        $(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
+        $(srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
        $(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
        $(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
diff --git a/README.smartcard b/README.smartcard
new file mode 100644
index 000000000..499dc8ed6
--- /dev/null
+++ b/README.smartcard
@@ -0,0 +1,69 @@
+How to use smartcards with OpenSSH?
+OpenSSH contains experimental support for authentication using
+Cyberflex smartcards and TODOS card readers. To enable this you
+need to:
+(1) install sectok
+        $ cd /usr/src/lib/libsectok
+        $ make obj depend all install includes
+        $ cd /usr/src/usr.bin/sectok
+        $ make obj depend all install
+(2) enable SMARTCARD support in OpenSSH:
+        $ vi /usr/src/usr.bin/ssh/Makefile.inc
+        and uncomment
+                CFLAGS+=        -DSMARTCARD
+                LDADD+= -lsectok
+(3) load the Java Cardlet to the Cyberflex card:
+        $ sectok
+        sectok> login -d
+        sectok> jload /usr/libdata/ssh/Ssh.bin
+        sectok> quit
+(4) load a RSA key to the card:
+        please don't use your production RSA keys, since
+        with the current version of sectok/ssh-keygen
+        the private key file is still readable
+        $ ssh-keygen -f /path/to/rsakey -U 1
+        (where 1 is the reader number, you can also try 0)
+        In spite of the name, this does not generate a key.
+        It just loads an already existing key on to the card.
+(5) optional:
+        Change the card password so that only you can
+        read the private key:
+        $ sectok
+        sectok> login -d
+        sectok> setpass
+        sectok> quit
+        This prevents reading the key but not use of the
+        key by the card applet.
+        Do not forget the passphrase.  There is no way to
+        recover if you do.
+        IMPORTANT WARNING: If you attempt to login with the
+        wrong passphrase three times in a row, you will
+        destroy your card.
+(6) tell the ssh client to use the card reader:
+        $ ssh -I 1 otherhost
+(7) or tell the agent (don't forget to restart) to use the smartcard:
+        $ ssh-add -s 1
+-markus,
+Tue Jul 17 23:54:51 CEST 2001
diff --git a/configure.in b/configure.in
index d873054fa..94fbfc388 100644
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-# $Id: configure.in,v 1.310 2001/09/18 04:01:12 djm Exp $
+# $Id: configure.in,v 1.311 2001/09/18 05:06:22 djm Exp $
 AC_INIT(ssh.c)
@@ -2058,7 +2058,7 @@ fi
 AC_EXEEXT
-AC_OUTPUT(Makefile openbsd-compat/Makefile ssh_prng_cmds)
+AC_OUTPUT(Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds)
 # Print summary of options
diff --git a/scard/Makefile.in b/scard/Makefile.in
new file mode 100644
index 000000000..53ac5e9a4
--- /dev/null
+++ b/scard/Makefile.in
@@ -0,0 +1,27 @@
+# $Id: Makefile.in,v 1.1 2001/09/18 05:06:22 djm Exp $
+prefix=@prefix@
+datadir=@datadir@
+srcdir=@srcdir@
+top_srcdir=@top_srcdir@
+INSTALL=@INSTALL@
+VPATH=@srcdir@
+all:
+Ssh.bin:  Ssh.bin.uu
+        uudecode Ssh.bin.uu
+clean:
+        rm -rf Ssh.bin
+distprep: Ssh.bin
+distclean: clean
+        rm -f Makefile *~
+install: Ssh.bin
+        $(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
+        $(INSTALL) -m 0644 -s $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin

diff --git a/ChangeLog b/ChangeLog index 93a9852fe..8a2c50d24 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -2,6 +2,8 @@
2	- (djm) Configure support for smartcards. Based on Ben's work.	2	- (djm) Configure support for smartcards. Based on Ben's work.
3	- (djm) Revert setgroups call, it causes problems on OS-X	3	- (djm) Revert setgroups call, it causes problems on OS-X
4	- (djm) Avoid warning on BSDgetopt	4	- (djm) Avoid warning on BSDgetopt
		5	- (djm) More makefile infrastructre for smartcard support, also based
		6	on Ben's work
5		7
6	20010917	8	20010917
7	- (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds	9	- (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
@@ -6462,4 +6464,4 @@
6462	- Wrote replacements for strlcpy and mkdtemp	6464	- Wrote replacements for strlcpy and mkdtemp
6463	- Released 1.0pre1	6465	- Released 1.0pre1
6464		6466
6465	$Id: ChangeLog,v 1.1527 2001/09/18 05:05:20 djm Exp $	6467	$Id: ChangeLog,v 1.1528 2001/09/18 05:06:21 djm Exp $


diff --git a/Makefile.in b/Makefile.in index 1bdc865b7..17565d837 100644 --- a/Makefile.in +++ b/Makefile.in
@@ -1,10 +1,11 @@
1	# $Id: Makefile.in,v 1.185 2001/09/17 21:34:33 tim Exp $	1	# $Id: Makefile.in,v 1.186 2001/09/18 05:06:22 djm Exp $
2		2
3	prefix=@prefix@	3	prefix=@prefix@
4	exec_prefix=@exec_prefix@	4	exec_prefix=@exec_prefix@
5	bindir=@bindir@	5	bindir=@bindir@
6	sbindir=@sbindir@	6	sbindir=@sbindir@
7	libexecdir=@libexecdir@	7	libexecdir=@libexecdir@
		8	datadir=@datadir@
8	mandir=@mandir@	9	mandir=@mandir@
9	mansubdir=@mansubdir@	10	mansubdir=@mansubdir@
10	sysconfdir=@sysconfdir@	11	sysconfdir=@sysconfdir@
@@ -149,6 +150,7 @@ distclean:
149	rm -f *.out core	150	rm -f *.out core
150	rm -f Makefile config.h config.status ssh_prng_cmds *~	151	rm -f Makefile config.h config.status ssh_prng_cmds *~
151	(cd openbsd-compat; $(MAKE) distclean)	152	(cd openbsd-compat; $(MAKE) distclean)
		153	(cd scard; $(MAKE) distclean)
152		154
153	veryclean:	155	veryclean:
154	rm -f configure config.h.in *.0	156	rm -f configure config.h.in *.0
@@ -169,14 +171,19 @@ catman-do:
169		171
170	distprep: catman-do	172	distprep: catman-do
171	autoreconf	173	autoreconf
		174	(cd scard ; $(MAKE) -f Makefile.in distprep)
172		175
173	install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key	176	install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
174	install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files	177	install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
175		178
176	install-files:	179	scard-install:
		180	(cd scard; $(MAKE) DESTDIR=$(DESTDIR) install)
		181
		182	install-files: scard-install
177	$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)	183	$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
178	$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)	184	$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
179	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)	185	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
		186	$(srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
180	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1	187	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
181	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8	188	$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
182	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)	189	$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)


diff --git a/README.smartcard b/README.smartcard new file mode 100644 index 000000000..499dc8ed6 --- /dev/null +++ b/README.smartcard
@@ -0,0 +1,69 @@
		1	How to use smartcards with OpenSSH?
		2
		3	OpenSSH contains experimental support for authentication using
		4	Cyberflex smartcards and TODOS card readers. To enable this you
		5	need to:
		6
		7	(1) install sectok
		8
		9	$ cd /usr/src/lib/libsectok
		10	$ make obj depend all install includes
		11	$ cd /usr/src/usr.bin/sectok
		12	$ make obj depend all install
		13
		14	(2) enable SMARTCARD support in OpenSSH:
		15
		16	$ vi /usr/src/usr.bin/ssh/Makefile.inc
		17	and uncomment
		18	CFLAGS+= -DSMARTCARD
		19	LDADD+= -lsectok
		20
		21	(3) load the Java Cardlet to the Cyberflex card:
		22
		23	$ sectok
		24	sectok> login -d
		25	sectok> jload /usr/libdata/ssh/Ssh.bin
		26	sectok> quit
		27
		28	(4) load a RSA key to the card:
		29
		30	please don't use your production RSA keys, since
		31	with the current version of sectok/ssh-keygen
		32	the private key file is still readable
		33
		34	$ ssh-keygen -f /path/to/rsakey -U 1
		35	(where 1 is the reader number, you can also try 0)
		36
		37	In spite of the name, this does not generate a key.
		38	It just loads an already existing key on to the card.
		39
		40	(5) optional:
		41
		42	Change the card password so that only you can
		43	read the private key:
		44
		45	$ sectok
		46	sectok> login -d
		47	sectok> setpass
		48	sectok> quit
		49
		50	This prevents reading the key but not use of the
		51	key by the card applet.
		52
		53	Do not forget the passphrase. There is no way to
		54	recover if you do.
		55
		56	IMPORTANT WARNING: If you attempt to login with the
		57	wrong passphrase three times in a row, you will
		58	destroy your card.
		59
		60	(6) tell the ssh client to use the card reader:
		61
		62	$ ssh -I 1 otherhost
		63
		64	(7) or tell the agent (don't forget to restart) to use the smartcard:
		65
		66	$ ssh-add -s 1
		67
		68	-markus,
		69	Tue Jul 17 23:54:51 CEST 2001


diff --git a/configure.in b/configure.in index d873054fa..94fbfc388 100644 --- a/configure.in +++ b/configure.in
@@ -1,4 +1,4 @@
1	# $Id: configure.in,v 1.310 2001/09/18 04:01:12 djm Exp $	1	# $Id: configure.in,v 1.311 2001/09/18 05:06:22 djm Exp $
2		2
3	AC_INIT(ssh.c)	3	AC_INIT(ssh.c)
4		4
@@ -2058,7 +2058,7 @@ fi
2058		2058
2059	AC_EXEEXT	2059	AC_EXEEXT
2060		2060
2061	AC_OUTPUT(Makefile openbsd-compat/Makefile ssh_prng_cmds)	2061	AC_OUTPUT(Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds)
2062		2062
2063	# Print summary of options	2063	# Print summary of options
2064		2064


diff --git a/scard/Makefile.in b/scard/Makefile.in new file mode 100644 index 000000000..53ac5e9a4 --- /dev/null +++ b/scard/Makefile.in
@@ -0,0 +1,27 @@
		1	# $Id: Makefile.in,v 1.1 2001/09/18 05:06:22 djm Exp $
		2
		3	prefix=@prefix@
		4	datadir=@datadir@
		5	srcdir=@srcdir@
		6	top_srcdir=@top_srcdir@
		7
		8	INSTALL=@INSTALL@
		9
		10	VPATH=@srcdir@
		11
		12	all:
		13
		14	Ssh.bin: Ssh.bin.uu
		15	uudecode Ssh.bin.uu
		16
		17	clean:
		18	rm -rf Ssh.bin
		19
		20	distprep: Ssh.bin
		21
		22	distclean: clean
		23	rm -f Makefile *~
		24
		25	install: Ssh.bin
		26	$(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
		27	$(INSTALL) -m 0644 -s $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin