=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/README.smartcard,v retrieving revision 1.5.2.1 retrieving revision 1.6 diff -u -r1.5.2.1 -r1.6 --- src/usr.bin/ssh/Attic/README.smartcard 2001/09/27 18:27:43 1.5.2.1 +++ src/usr.bin/ssh/Attic/README.smartcard 2002/03/21 22:44:05 1.6 @@ -4,29 +4,37 @@ Cyberflex smartcards and TODOS card readers. To enable this you need to: -(1) install sectok +(1) enable SMARTCARD support in OpenSSH: - $ cd /usr/src/lib/libsectok - $ make obj depend all install includes - $ cd /usr/src/usr.bin/sectok - $ make obj depend all install - -(2) enable SMARTCARD support in OpenSSH: - $ vi /usr/src/usr.bin/ssh/Makefile.inc and uncomment CFLAGS+= -DSMARTCARD LDADD+= -lsectok -(3) load the Java Cardlet to the Cyberflex card: +(2) load the Java Cardlet to the Cyberflex card and set card passphrase: $ sectok sectok> login -d + sectok> junload Ssh.bin sectok> jload /usr/libdata/ssh/Ssh.bin + sectok> setpass + Enter new AUT0 passphrase: + Re-enter passphrase: sectok> quit -(4) load a RSA key to the card: + Do not forget the passphrase. There is no way to + recover if you do. + IMPORTANT WARNING: If you attempt to login with the + wrong passphrase three times in a row, you will + destroy your card. + + If you have loaded an older version of Ssh.bin on + your card previously, you must unload it and load + the new one. + +(3) load a RSA key to the card: + please don't use your production RSA keys, since with the current version of sectok/ssh-keygen the private key file is still readable 
@@ -37,31 +45,11 @@ In spite of the name, this does not generate a key. It just loads an already existing key on to the card. -(5) optional: +(4) tell the ssh client to use the card reader: - Change the card password so that only you can - read the private key: - - $ sectok - sectok> login -d - sectok> setpass - sectok> quit - - This prevents reading the key but not use of the - key by the card applet. - - Do not forget the passphrase. There is no way to - recover if you do. - - IMPORTANT WARNING: If you attempt to login with the - wrong passphrase three times in a row, you will - destroy your card. - -(6) tell the ssh client to use the card reader: - $ ssh -I 1 otherhost -(7) or tell the agent (don't forget to restart) to use the smartcard: +(5) or tell the agent (don't forget to restart) to use the smartcard: $ ssh-add -s 1
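Review bot: In the first hunk (@@ -4,29 +4,37 @@), the new step (2) runs `sectok> junload Ssh.bin` unconditionally before `sectok> jload /usr/libdata/ssh/Ssh.bin`, but the paragraph added below it says unloading is only needed "If you have loaded an older version of Ssh.bin on your card previously". Either make the junload line conditional in the text or state explicitly that it is safe to run on a card that has nothing loaded, so a first-time user is not surprised by an error at that step. The same hunk also drops the build-and-install instructions for libsectok and sectok without saying where sectok now comes from, while the Makefile.inc change still relies on `LDADD+= -lsectok`; a one-line note on where the tool is expected to be installed would avoid readers hunting for a missing prerequisite.

Review bot: In the second hunk (@@ -37,31 +45,11 @@), deleting the optional step (5) also deletes the sentence "This prevents reading the key but not use of the key by the card applet." Since `setpass` has become a mandatory part of step (2) in the first hunk, that caveat is now more relevant, not less: without it a reader may assume the AUT0 passphrase gates use of the key by ssh/ssh-agent, when the text only ever claimed it protects reading of the private key. Suggest carrying that sentence over into the new step (2) next to the "Do not forget the passphrase" warning. The renumbering of steps (6) and (7) to (4) and (5) is consistent with the first hunk.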