1 How to use smartcards with OpenSSH?
3 OpenSSH contains experimental support for authentication using
4 Cyberflex smartcards and TODOS card readers.
6 WARNING: Smartcard support is still in development. Keyfile formats, etc
7 are still subject to change.
9 To enable this you need to:
13 Sources are instructions are available from
14 http://www.citi.umich.edu/projects/smartcard/sectok.html
16 (2) enable SMARTCARD support in OpenSSH:
18 $ ./configure --with-smartcard [options]
20 You can also specify a path to libsectok:
22 $ ./configure --with-smartcard=/path/to/libsectok [options]
24 (3) load the Java Cardlet to the Cyberflex card:
28 sectok> jload /usr/libdata/ssh/Ssh.bin
31 (4) load a RSA key to the card:
33 please don't use your production RSA keys, since
34 with the current version of sectok/ssh-keygen
35 the private key file is still readable
37 $ ssh-keygen -f /path/to/rsakey -U 1
38 (where 1 is the reader number, you can also try 0)
40 In spite of the name, this does not generate a key.
41 It just loads an already existing key on to the card.
45 Change the card password so that only you can
53 This prevents reading the key but not use of the
54 key by the card applet.
56 Do not forget the passphrase. There is no way to
59 IMPORTANT WARNING: If you attempt to login with the
60 wrong passphrase three times in a row, you will
63 (6) tell the ssh client to use the card reader:
67 (7) or tell the agent (don't forget to restart) to use the smartcard:
72 Tue Jul 17 23:54:51 CEST 2001
andersk / gssapi-openssh.git / blob