Annotation of src/usr.bin/ssh/README.smartcard, Revision 1.2
1.1 markus 1: How to use smartcards with OpenSSH?
2:
3: OpenSSH contains experimental support for authentication using
4: Cyberflex smartcards and TODOS card readers. To enable this you
5: need to:
6:
7: (1) install sectok
8:
9: $ cd /usr/src/lib/libsectok
10: $ make obj depend all install includes
11: $ cd /usr/src/usr.bin/sectok
12: $ make obj depend all install
13:
14: (2) enable SMARTCARD support in OpenSSH:
15:
16: $ vi /usr/src/usr.bin/ssh/Makefile.inc
17: and uncomment
18: CFLAGS+= -DSMARTCARD
19: LDADD+= -lsectok
20:
21: (3) load the Java Cardlet to the Cyberflex card:
22:
23: $ sectok
1.2 ! rees 24: sectok> login -d
1.1 markus 25: sectok> jload /usr/libdata/ssh/Ssh.bin
26: sectok> quit
27:
28: (4) load an RSA key to the card:
29:
30: Please don't use your production RSA keys, since
31: with the current version of sectok/ssh-keygen
32: the private key file is still readable.
33:
34: $ ssh-keygen -f /path/to/rsakey -u 1
35: (where 1 is the reader number, you can also try 0)
36:
1.2 ! rees 37: In spite of the name, this does not generate a key.
! 38: It just loads an already existing key on to the card.
1.1 markus 39:
40: (5) tell the ssh client to use the card reader:
41:
42: $ ssh -I 1 otherhost
43:
44: (6) or tell the agent (don't forget to restart) to use the smartcard:
45:
46: $ ssh-add -s 1
47:
48: -markus,
49: Tue Jul 17 23:54:51 CEST 2001