From a1864983631b0e289d82f3568e4f6a07eec22606 Mon Sep 17 00:00:00 2001 From: djm Date: Tue, 10 Jun 2003 11:09:09 +0000 Subject: [PATCH 1/1] - (djm) Re-merge OpenSC info into README.smartcard --- ChangeLog | 1 + README.smartcard | 48 +++++++++++++++++++++++++++++++++++------------- 2 files changed, 36 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index f705b7a6..8ffec6dc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,6 @@ 20030609 - (djm) Sync README.smartcard with OpenBSD -current + - (djm) Re-merge OpenSC info into README.smartcard 20030606 - (dtucker) [uidswap.c] Fix setreuid and add missing args to fatal(). ok djm@ diff --git a/README.smartcard b/README.smartcard index 7bbb0753..88810fc8 100644 --- a/README.smartcard +++ b/README.smartcard @@ -1,13 +1,15 @@ How to use smartcards with OpenSSH? OpenSSH contains experimental support for authentication using -Cyberflex smartcards and TODOS card readers. To enable this you +Cyberflex smartcards and TODOS card readers, in addition to the cards +with PKCS#15 structure supported by OpenSC. To enable this you need to: -(1) enable SMARTCARD support in OpenSSH: +Using libsectok: - $ ./configure --with-smartcard [...] - and rebuild +(1) enable sectok support in OpenSSH: + + $ ./configure --with-sectok (2) If you have used a previous version of ssh with your card, you must remove the old applet and keys. @@ -44,15 +46,7 @@ need to: In spite of the name, this does not generate a key. It just loads an already existing key on to the card. -(5) tell the ssh client to use the card reader: - - $ ssh -I 1 otherhost - -(6) or tell the agent (don't forget to restart) to use the smartcard: - - $ ssh-add -s 1 - -(7) Optional: If you don't want to use a card passphrase, change the +(5) Optional: If you don't want to use a card passphrase, change the acl on the private key file: $ sectok 
@@ -65,6 +59,34 @@ need to: If you do this, anyone who has access to your card can assume your identity. This is not recommended. + +Using OpenSC: + +(1) install OpenSC: + + Sources and instructions are available from + http://www.opensc.org/ + +(2) enable OpenSC support in OpenSSH: + + $ ./configure --with-opensc[=/path/to/opensc] [options] + +(3) load a RSA key to the card: + + Not supported yet. + + +Common operations: + +(1) tell the ssh client to use the card reader: + + $ ssh -I 1 otherhost + +(2) or tell the agent (don't forget to restart) to use the smartcard: + + $ ssh-add -s 1 + + -markus, Tue Jul 17 23:54:51 CEST 2001 -- 2.45.2
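Review bot: In the first README.smartcard hunk (@@ -1,13 +1,15 @@), the new step (1) command `$ ./configure --with-sectok` drops both the `[...]` placeholder and the "and rebuild" line that the old `--with-smartcard` step carried, while the OpenSC step added later in this patch is written as `--with-opensc[=/path/to/opensc] [options]`. Suggest keeping the two sections parallel (for example `--with-sectok [options]`) and restoring the rebuild reminder, so a reader does not take configure alone as enabling support. The intro sentence also still ends with "To enable this you need to:" and now runs straight into the "Using libsectok:" heading. It should be reworded to introduce the two alternatives.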
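Review bot: In the last README.smartcard hunk (@@ -65,6 +59,34 @@), OpenSC step (3) says only "Not supported yet.", so the OpenSC path has no documented way to get a key onto the card, yet the "Common operations" steps that follow are presented as applying to both backends. Suggest stating how the key is expected to be provisioned in the OpenSC case (or that it has to be done outside OpenSSH), and saying whether the `1` in `ssh -I 1` and `ssh-add -s 1` identifies the reader in the same way under OpenSC as under libsectok. Two smaller points in the same hunk: "a RSA key" should read "an RSA key", and the closing "-markus, Tue Jul 17 23:54:51 CEST 2001" signature now sits directly under text added by this 2003 change, which misattributes the new sections.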