=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/ssh/Attic/README.smartcard,v retrieving revision 1.5.6.1 retrieving revision 1.6 diff -u -r1.5.6.1 -r1.6 --- src/usr.bin/ssh/Attic/README.smartcard 2002/05/17 00:03:23 1.5.6.1 +++ src/usr.bin/ssh/Attic/README.smartcard 2002/03/21 22:44:05 1.6 @@ -11,20 +11,11 @@ CFLAGS+= -DSMARTCARD LDADD+= -lsectok -(2) If you have used a previous version of ssh with your card, you - must remove the old applet and keys. +(2) load the Java Cardlet to the Cyberflex card and set card passphrase: $ sectok sectok> login -d sectok> junload Ssh.bin - sectok> delete 0012 - sectok> delete sh - sectok> quit - -(3) load the Java Cardlet to the Cyberflex card and set card passphrase: - - $ sectok - sectok> login -d sectok> jload /usr/libdata/ssh/Ssh.bin sectok> setpass Enter new AUT0 passphrase: 
@@ -38,36 +29,29 @@ wrong passphrase three times in a row, you will destroy your card. -(4) load a RSA key to the card: + If you have loaded an older version of Ssh.bin on + your card previously, you must unload it and load + the new one. +(3) load a RSA key to the card: + + please don't use your production RSA keys, since + with the current version of sectok/ssh-keygen + the private key file is still readable + $ ssh-keygen -f /path/to/rsakey -U 1 (where 1 is the reader number, you can also try 0) In spite of the name, this does not generate a key. It just loads an already existing key on to the card. -(5) tell the ssh client to use the card reader: +(4) tell the ssh client to use the card reader: $ ssh -I 1 otherhost -(6) or tell the agent (don't forget to restart) to use the smartcard: +(5) or tell the agent (don't forget to restart) to use the smartcard: $ ssh-add -s 1 -(7) Optional: If you don't want to use a card passphrase, change the - acl on the private key file: - - $ sectok - sectok> login -d - sectok> acl 0012 world: w - world: w - AUT0: w inval - sectok> quit - - If you do this, anyone who has access to your card - can assume your identity. This is not recommended. - -markus, Tue Jul 17 23:54:51 CEST 2001 - -$OpenBSD: README.smartcard,v 1.5.6.1 2002/05/17 00:03:23 miod Exp $
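Review bot: In the first hunk (@@ -11,20 +11,11 @@), the new step (2) keeps `junload Ssh.bin` but drops `delete 0012` and `delete sh`, so the README no longer tells anyone how to remove key files left on the card by an earlier version. If those files are meant to be reused or replaced by the key load in step (3), say so explicitly; otherwise keep the two delete commands under a short upgrade note. As written, `junload Ssh.bin` is also listed unconditionally, so a first-time user is told to unload an applet that was never loaded; marking that line as upgrade-only would remove the ambiguity.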
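Review bot: In the second hunk (@@ -38,36 +29,29 @@), the warning added under step (3), "the private key file is still readable", does not say which file is meant or who can read it, so a reader cannot judge the exposure. The removed step (7) refers to the on-card private key file as 0012 with world and AUT0 ACL entries; if that is the file in question, name it and state what access remains open, and write the warning as a full capitalised sentence set off from the command. The upgrade note ("you must unload it and load the new one") is placed at the end of step (2), after the load commands, where it is easy to miss; it belongs above them. The hunk also deletes the trailing $OpenBSD$ ident line and the author/date line, which removes the only in-file record of the revision; keeping the ident line is worth it.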