
Diff for /src/usr.bin/ssh/Attic/README.smartcard between version 1.5.4.2 and 1.6

version 1.5.4.2, 2002/06/02 22:56:09 version 1.6, 2002/03/21 22:44:05
Line 11 
Line 11 
                 CFLAGS+=        -DSMARTCARD                  CFLAGS+=        -DSMARTCARD
                 LDADD+= -lsectok                  LDADD+= -lsectok
   
 (2) If you have used a previous version of ssh with your card, you  (2) load the Java Cardlet to the Cyberflex card and set card passphrase:
     must remove the old applet and keys.  
   
         $ sectok          $ sectok
         sectok> login -d          sectok> login -d
         sectok> junload Ssh.bin          sectok> junload Ssh.bin
         sectok> delete 0012  
         sectok> delete sh  
         sectok> quit  
   
 (3) load the Java Cardlet to the Cyberflex card and set card passphrase:  
   
         $ sectok  
         sectok> login -d  
         sectok> jload /usr/libdata/ssh/Ssh.bin          sectok> jload /usr/libdata/ssh/Ssh.bin
         sectok> setpass          sectok> setpass
         Enter new AUT0 passphrase:          Enter new AUT0 passphrase:
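
Review bot: in step (2) on the v.1.6 side, `sectok> junload Ssh.bin` runs as part of the load procedure with no statement of when it applies, and the `delete 0012` and `delete sh` commands on the v.1.5.4.2 side have no counterpart, so a reader who used an earlier applet cannot tell whether the old key files stay on the card. Suggest either keeping removal as its own step with the condition in its heading ("If you have used a previous version of ssh with your card ...") or stating in step (2) that `junload` is needed only when an older Ssh.bin is present, and saying explicitly whether the old key files must be deleted. A one-line explanation of what `login -d` does would also help, since every sectok session in this file starts with it.
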
Line 38 
Line 29 
         wrong passphrase three times in a row, you will          wrong passphrase three times in a row, you will
         destroy your card.          destroy your card.
   
 (4) load a RSA key to the card:          If you have loaded an older version of Ssh.bin on
           your card previously, you must unload it and load
           the new one.
   
   (3) load a RSA key to the card:
   
           please don't use your production RSA keys, since
           with the current version of sectok/ssh-keygen
           the private key file is still readable
   
         $ ssh-keygen -f /path/to/rsakey -U 1          $ ssh-keygen -f /path/to/rsakey -U 1
         (where 1 is the reader number, you can also try 0)          (where 1 is the reader number, you can also try 0)
   
         In spite of the name, this does not generate a key.          In spite of the name, this does not generate a key.
         It just loads an already existing key on to the card.          It just loads an already existing key on to the card.
   
 (5) tell the ssh client to use the card reader:  (4) tell the ssh client to use the card reader:
   
         $ ssh -I 1 otherhost          $ ssh -I 1 otherhost
   
 (6) or tell the agent (don't forget to restart) to use the smartcard:  (5) or tell the agent (don't forget to restart) to use the smartcard:
   
         $ ssh-add -s 1          $ ssh-add -s 1
   
 (7) Optional: If you don't want to use a card passphrase, change the  
     acl on the private key file:  
   
         $ sectok  
         sectok> login -d  
         sectok> acl 0012 world: w  
          world: w  
          AUT0: w inval  
         sectok> quit  
   
         If you do this, anyone who has access to your card  
         can assume your identity.  This is not recommended.  
   
 -markus,  -markus,
 Tue Jul 17 23:54:51 CEST 2001  Tue Jul 17 23:54:51 CEST 2001
   
 $OpenBSD$  
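
Review bot: the warning under step (3) on the v.1.6 side, "the private key file is still readable", does not say which file is meant (the /path/to/rsakey passed to `ssh-keygen -U` or the key file on the card) or who can read it, so a reader cannot judge the exposure or verify it. Suggest naming the file and the access condition in that sentence. The note about unloading an older Ssh.bin sits after the `setpass` passphrase warning rather than before the `junload` and `jload` commands it concerns; it would be safer ahead of them. Step (7), with its `acl 0012` example and the statement that anyone with access to the card can assume your identity, and the `$OpenBSD$` tag appear only on the v.1.5.4.2 side; if the tag is not meant to differ between the two revisions, keep it on both.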
