1 files changed, 69 insertions, 0 deletions
diff --git a/README.smartcard b/README.smartcard
new file mode 100644
index 000000000..499dc8ed6
--- /dev/null
+++ b/README.smartcard
@@ -0,0 +1,69 @@
+How to use smartcards with OpenSSH?
+OpenSSH contains experimental support for authentication using
+Cyberflex smartcards and TODOS card readers. To enable this you
+need to:
+(1) install sectok
+        $ cd /usr/src/lib/libsectok
+        $ make obj depend all install includes
+        $ cd /usr/src/usr.bin/sectok
+        $ make obj depend all install
+(2) enable SMARTCARD support in OpenSSH:
+        $ vi /usr/src/usr.bin/ssh/Makefile.inc
+        and uncomment
+                CFLAGS+=        -DSMARTCARD
+                LDADD+= -lsectok
+(3) load the Java Cardlet to the Cyberflex card:
+        $ sectok
+        sectok> login -d
+        sectok> jload /usr/libdata/ssh/Ssh.bin
+        sectok> quit
+(4) load a RSA key to the card:
+        please don't use your production RSA keys, since
+        with the current version of sectok/ssh-keygen
+        the private key file is still readable
+        $ ssh-keygen -f /path/to/rsakey -U 1
+        (where 1 is the reader number, you can also try 0)
+        In spite of the name, this does not generate a key.
+        It just loads an already existing key on to the card.
+(5) optional:
+        Change the card password so that only you can
+        read the private key:
+        $ sectok
+        sectok> login -d
+        sectok> setpass
+        sectok> quit
+        This prevents reading the key but not use of the
+        key by the card applet.
+        Do not forget the passphrase.  There is no way to
+        recover if you do.
+        IMPORTANT WARNING: If you attempt to login with the
+        wrong passphrase three times in a row, you will
+        destroy your card.
+(6) tell the ssh client to use the card reader:
+        $ ssh -I 1 otherhost
+(7) or tell the agent (don't forget to restart) to use the smartcard:
+        $ ssh-add -s 1
+-markus,
+Tue Jul 17 23:54:51 CEST 2001

diff --git a/README.smartcard b/README.smartcard new file mode 100644 index 000000000..499dc8ed6 --- /dev/null +++ b/README.smartcard
@@ -0,0 +1,69 @@
	1	How to use smartcards with OpenSSH?
	2
	3	OpenSSH contains experimental support for authentication using
	4	Cyberflex smartcards and TODOS card readers. To enable this you
	5	need to:
	6
	7	(1) install sectok
	8
	9	$ cd /usr/src/lib/libsectok
	10	$ make obj depend all install includes
	11	$ cd /usr/src/usr.bin/sectok
	12	$ make obj depend all install
	13
	14	(2) enable SMARTCARD support in OpenSSH:
	15
	16	$ vi /usr/src/usr.bin/ssh/Makefile.inc
	17	and uncomment
	18	CFLAGS+= -DSMARTCARD
	19	LDADD+= -lsectok
	20
	21	(3) load the Java Cardlet to the Cyberflex card:
	22
	23	$ sectok
	24	sectok> login -d
	25	sectok> jload /usr/libdata/ssh/Ssh.bin
	26	sectok> quit
	27
	28	(4) load a RSA key to the card:
	29
	30	please don't use your production RSA keys, since
	31	with the current version of sectok/ssh-keygen
	32	the private key file is still readable
	33
	34	$ ssh-keygen -f /path/to/rsakey -U 1
	35	(where 1 is the reader number, you can also try 0)
	36
	37	In spite of the name, this does not generate a key.
	38	It just loads an already existing key on to the card.
	39
	40	(5) optional:
	41
	42	Change the card password so that only you can
	43	read the private key:
	44
	45	$ sectok
	46	sectok> login -d
	47	sectok> setpass
	48	sectok> quit
	49
	50	This prevents reading the key but not use of the
	51	key by the card applet.
	52
	53	Do not forget the passphrase. There is no way to
	54	recover if you do.
	55
	56	IMPORTANT WARNING: If you attempt to login with the
	57	wrong passphrase three times in a row, you will
	58	destroy your card.
	59
	60	(6) tell the ssh client to use the card reader:
	61
	62	$ ssh -I 1 otherhost
	63
	64	(7) or tell the agent (don't forget to restart) to use the smartcard:
	65
	66	$ ssh-add -s 1
	67
	68	-markus,
	69	Tue Jul 17 23:54:51 CEST 2001