- (djm) Re-merge OpenSC info into README.smartcard

Damien Miller 2003-06-10 21:09:09 +10:00
parent c18c06e131
commit 78f2e5ca98
2 changed files with 37 additions and 14 deletions

@ -1,5 +1,6 @@
20030609
- (djm) Sync README.smartcard with OpenBSD -current
- (djm) Re-merge OpenSC info into README.smartcard
20030606
- (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@
@ -479,4 +480,4 @@
- Fix sshd BindAddress and -b options for systems using fake-getaddrinfo.
Report from murple@murple.net, diagnosis from dtucker@zip.com.au
$Id: ChangeLog,v 1.2791 2003/06/10 08:55:22 djm Exp $
$Id: ChangeLog,v 1.2792 2003/06/10 11:09:09 djm Exp $

@ -1,13 +1,15 @@
How to use smartcards with OpenSSH?
OpenSSH contains experimental support for authentication using
Cyberflex smartcards and TODOS card readers. To enable this you
Cyberflex smartcards and TODOS card readers, in addition to the cards
with PKCS#15 structure supported by OpenSC. To enable this you
need to:
(1) enable SMARTCARD support in OpenSSH:
Using libsectok:
$ ./configure --with-smartcard [...]
and rebuild
(1) enable sectok support in OpenSSH:
$ ./configure --with-sectok
(2) If you have used a previous version of ssh with your card, you
must remove the old applet and keys.
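Review bot: The sectok step (1) now shows only `$ ./configure --with-sectok` and no longer carries the `and rebuild` line that followed `$ ./configure --with-smartcard [...]`, so a reader with an already built tree is not told that a rebuild is required. Suggest keeping `and rebuild` under the new step. Since the opening sentence still says "experimental support" and now also covers the PKCS#15 cards supported by OpenSC, a line after `need to:` saying that the steps are split by backend would make the `Using libsectok:` heading easier to follow.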
@ -44,15 +46,7 @@ need to:
In spite of the name, this does not generate a key.
It just loads an already existing key on to the card.
(5) tell the ssh client to use the card reader:
$ ssh -I 1 otherhost
(6) or tell the agent (don't forget to restart) to use the smartcard:
$ ssh-add -s 1
(7) Optional: If you don't want to use a card passphrase, change the
(5) Optional: If you don't want to use a card passphrase, change the
acl on the private key file:
$ sectok
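Review bot: With the `$ ssh -I 1 otherhost` and `$ ssh-add -s 1` steps taken out of this list, the libsectok procedure ends on the optional step (5) that removes the card passphrase, and nothing in this section says how to use the card once the key is loaded. Suggest a closing line that points to `Common operations:`, so the last instruction a reader sees is not the optional ACL change.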
@ -65,6 +59,34 @@ need to:
If you do this, anyone who has access to your card
can assume your identity. This is not recommended.
Using OpenSC:
(1) install OpenSC:
Sources and instructions are available from
http://www.opensc.org/
(2) enable OpenSC support in OpenSSH:
$ ./configure --with-opensc[=/path/to/opensc] [options]
(3) load a RSA key to the card:
Not supported yet.
Common operations:
(1) tell the ssh client to use the card reader:
$ ssh -I 1 otherhost
(2) or tell the agent (don't forget to restart) to use the smartcard:
$ ssh-add -s 1
-markus,
Tue Jul 17 23:54:51 CEST 2001
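Review bot: Step (3) under `Using OpenSC:` reads `Not supported yet.`, so the section covers building with `--with-opensc` but not how a key gets onto the card before `$ ssh -I 1 otherhost` can work; suggest saying that the card must already hold a key or that it has to be loaded with tools outside OpenSSH. The `1` passed to `ssh -I` and `ssh-add -s` under `Common operations:` is not explained, although it now applies to both backends. The `-markus, Tue Jul 17 23:54:51 CEST 2001` signature now closes text added by this change, which misattributes the OpenSC section. Minor: `a RSA key` should be `an RSA key`.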