author: Markus Friedl <markus@cvs.openbsd.org> 2010-02-08 19:19:34 +0000
committer: Markus Friedl <markus@cvs.openbsd.org> 2010-02-08 19:19:34 +0000
commit: 8dd69e77271b6ddf791dde509765bdaea87c051c
tree: 327738f29a7017dd92784816b1a2fa2dc5e09e38 /usr.bin/ssh
parent: c200826cfb3d00fb625585ed559f6049726f3fc1
obsolete
Diffstat (limited to 'usr.bin/ssh')
-rw-r--r-- usr.bin/ssh/README.smartcard | 73
1 files changed, 0 insertions, 73 deletions
diff --git a/usr.bin/ssh/README.smartcard b/usr.bin/ssh/README.smartcard
deleted file mode 100644
index faeb641cd6a..00000000000
--- a/usr.bin/ssh/README.smartcard
+++ /dev/null
@@ -1,73 +0,0 @@
-How to use smartcards with OpenSSH?
-
-OpenSSH contains experimental support for authentication using
-Cyberflex smartcards and TODOS card readers. To enable this you
-need to:
-
-(1) enable SMARTCARD support in OpenSSH:
-
- $ vi /usr/src/usr.bin/ssh/Makefile.inc
- and uncomment
- CFLAGS+= -DSMARTCARD
- LDADD+= -lsectok
-
-(2) If you have used a previous version of ssh with your card, you
- must remove the old applet and keys.
-
- $ sectok
- sectok> login -d
- sectok> junload Ssh.bin
- sectok> delete 0012
- sectok> delete sh
- sectok> quit
-
-(3) load the Java Cardlet to the Cyberflex card and set card passphrase:
-
- $ sectok
- sectok> login -d
- sectok> jload /usr/libdata/ssh/Ssh.bin
- sectok> setpass
- Enter new AUT0 passphrase:
- Re-enter passphrase:
- sectok> quit
-
- Do not forget the passphrase. There is no way to
- recover if you do.
-
- IMPORTANT WARNING: If you attempt to login with the
- wrong passphrase three times in a row, you will
- destroy your card.
-
-(4) load a RSA key to the card:
-
- $ ssh-keygen -f /path/to/rsakey -U 1
- (where 1 is the reader number, you can also try 0)
-
- In spite of the name, this does not generate a key.
- It just loads an already existing key on to the card.
-
-(5) tell the ssh client to use the card reader:
-
- $ ssh -I 1 otherhost
-
-(6) or tell the agent (don't forget to restart) to use the smartcard:
-
- $ ssh-add -s 1
-
-(7) Optional: If you don't want to use a card passphrase, change the
- acl on the private key file:
-
- $ sectok
- sectok> login -d
- sectok> acl 0012 world: w
- world: w
- AUT0: w inval
- sectok> quit
-
- If you do this, anyone who has access to your card
- can assume your identity. This is not recommended.
-
--markus,
-Tue Jul 17 23:54:51 CEST 2001
-
-$OpenBSD: README.smartcard,v 1.9 2003/11/21 11:57:02 djm Exp $
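Review bot: The commit message "obsolete" for this whole-file deletion (README.smartcard lines 1-73) does not say what made the instructions obsolete or where users of "-DSMARTCARD", "ssh -I", "ssh-add -s" and "ssh-keygen -U" should look instead; suggest expanding the message to name the replacement or to state that the feature is gone. The diffstat shows only this one file changing under usr.bin/ssh, so the "CFLAGS+= -DSMARTCARD" and "LDADD+= -lsectok" lines in Makefile.inc that step (1) refers to are not touched here; worth confirming they, and any remaining pointers to README.smartcard, are handled in a separate commit so nothing still directs readers to a missing file. If the code path remains buildable, the two warnings deleted here (three wrong passphrases in a row destroy the card; "acl 0012 world: w" lets anyone with access to the card assume the identity) should be carried over to wherever the feature is documented next.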