From f6195f2be82cae07660db8f7c3039567f37ffa74 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Apr 2002 22:48:46 +1000 Subject: - (djm) Applied OpenSC smartcard updates from Markus & Antti Tapaninen --- README.smartcard | 60 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 34 insertions(+), 26 deletions(-) (limited to 'README.smartcard') diff --git a/README.smartcard b/README.smartcard index 3017452c..29bec8dc 100644 --- a/README.smartcard +++ b/README.smartcard @@ -1,31 +1,23 @@ How to use smartcards with OpenSSH? -OpenSSH contains experimental support for authentication using -Cyberflex smartcards and TODOS card readers, in addition to the cards with -PKCS #15 structure supported by OpenSC. +OpenSSH contains experimental support for authentication using Cyberflex +smartcards and TODOS card readers, in addition to the cards with PKCS#15 +structure supported by OpenSC. -WARNING: Smartcard support is still in development. Keyfile formats, etc -are still subject to change. +WARNING: Smartcard support is still in development. +Keyfile formats, etc are still subject to change. -To enable this you need to: +To enable sectok support: -(1) install sectok or OpenSC +(1) install sectok: - Sources are instructions are available from + Sources and instructions are available from http://www.citi.umich.edu/projects/smartcard/sectok.html - or - - http://www.opensc.org/ - -(2) enable SMARTCARD support in OpenSSH: +(2) enable sectok support in OpenSSH: $ ./configure --with-sectok[=/path/to/libsectok] [options] - or - - $ ./configure --with-opensc[=/path/to/opensc] [options] - (3) load the Java Cardlet to the Cyberflex card: $ sectok 
@@ -35,12 +27,11 @@ To enable this you need to: (4) load a RSA key to the card: - please don't use your production RSA keys, since + Please don't use your production RSA keys, since with the current version of sectok/ssh-keygen - the private key file is still readable + the private key file is still readable. - $ ssh-keygen -f /path/to/rsakey -U 1 - (where 1 is the reader number, you can also try 0) + $ ssh-keygen -f /path/to/rsakey -U In spite of the name, this does not generate a key. It just loads an already existing key on to the card. @@ -65,13 +56,30 @@ To enable this you need to: wrong passphrase three times in a row, you will destroy your card. -(6) tell the ssh client to use the card reader: +To enable OpenSC support: + +(1) install OpenSC: + + Sources and instructions are available from + http://www.opensc.org/ + +(2) enable OpenSC support in OpenSSH: + + $ ./configure --with-opensc[=/path/to/opensc] [options] + +(3) load a RSA key to the card: + + Not supported yet. + +Common smartcard options: + +(1) tell the ssh client to use the card reader: - $ ssh -I 1 otherhost + $ ssh -I otherhost -(7) or tell the agent (don't forget to restart) to use the smartcard: +(2) or tell the agent (don't forget to restart) to use the smartcard: - $ ssh-add -s 1 + $ ssh-add -s -markus, -Tue Jul 17 23:54:51 CEST 2001 +Sat Apr 13 13:48:10 EEST 2002 -- cgit v1.2.3
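Review bot: In the first hunk (@@ -1,31 +1,23 @@), the steps are split into a sectok section here and an OpenSC section later, but nothing says whether `--with-sectok` and `--with-opensc` can be given to the same `./configure` run or are alternatives. The removed "or" between the two configure lines at least implied a choice. Add one sentence after the WARNING paragraph stating which it is, so a builder does not have to guess.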
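Review bot: In the second hunk (@@ -35,12 +27,11 @@), the replacement line `$ ssh-keygen -f /path/to/rsakey -U` shows `-U` with no reader argument as rendered here, and the removed "(where 1 is the reader number, you can also try 0)" was the only explanation of what to pass. Keep a named placeholder for the reader and one line describing the values it accepts. Because the same step warns that "the private key file is still readable", it would also help to say what the user should do with /path/to/rsakey once the key is on the card.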
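Review bot: In the third hunk (@@ -65,13 +56,30 @@), OpenSC step (3) "load a RSA key to the card: Not supported yet." leaves an OpenSC user with no documented way to reach the "Common smartcard options" steps. State how the key is expected to get onto the card, or that it has to be provisioned outside OpenSSH. The `ssh -I otherhost` and `ssh-add -s` lines also appear without a reader argument here, and now that both backends share them the README should say what that argument identifies for sectok and for OpenSC. The footer drops "-markus," and keeps only a date, so the file no longer records who wrote it.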