diff options
Diffstat (limited to 'crypto/openssh/README.smartcard')
| -rw-r--r-- | crypto/openssh/README.smartcard | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/crypto/openssh/README.smartcard b/crypto/openssh/README.smartcard deleted file mode 100644 index 29bec8dc64e9..000000000000 --- a/crypto/openssh/README.smartcard +++ /dev/null @@ -1,85 +0,0 @@ -How to use smartcards with OpenSSH? - -OpenSSH contains experimental support for authentication using Cyberflex -smartcards and TODOS card readers, in addition to the cards with PKCS#15 -structure supported by OpenSC. - -WARNING: Smartcard support is still in development. -Keyfile formats, etc are still subject to change. - -To enable sectok support: - -(1) install sectok: - - Sources and instructions are available from - http://www.citi.umich.edu/projects/smartcard/sectok.html - -(2) enable sectok support in OpenSSH: - - $ ./configure --with-sectok[=/path/to/libsectok] [options] - -(3) load the Java Cardlet to the Cyberflex card: - - $ sectok - sectok> login -d - sectok> jload /usr/libdata/ssh/Ssh.bin - sectok> quit - -(4) load a RSA key to the card: - - Please don't use your production RSA keys, since - with the current version of sectok/ssh-keygen - the private key file is still readable. - - $ ssh-keygen -f /path/to/rsakey -U <readernum, eg. 0> - - In spite of the name, this does not generate a key. - It just loads an already existing key on to the card. - -(5) optional: - - Change the card password so that only you can - read the private key: - - $ sectok - sectok> login -d - sectok> setpass - sectok> quit - - This prevents reading the key but not use of the - key by the card applet. - - Do not forget the passphrase. There is no way to - recover if you do. - - IMPORTANT WARNING: If you attempt to login with the - wrong passphrase three times in a row, you will - destroy your card. - -To enable OpenSC support: - -(1) install OpenSC: - - Sources and instructions are available from - http://www.opensc.org/ - -(2) enable OpenSC support in OpenSSH: - - $ ./configure --with-opensc[=/path/to/opensc] [options] - -(3) load a RSA key to the card: - - Not supported yet. - -Common smartcard options: - -(1) tell the ssh client to use the card reader: - - $ ssh -I <readernum, eg. 0> otherhost - -(2) or tell the agent (don't forget to restart) to use the smartcard: - - $ ssh-add -s <readernum, eg. 0> - --markus, -Sat Apr 13 13:48:10 EEST 2002 |