Using a Gemalto smart card with OpenSSH in Fedora 16
bachradsusi
This is only a memo post.


$ rpm -q openssh coolkey nss-util
openssh-5.8p2-23.fc16.x86_64
coolkey-1.1.0-19.fc15.x86_64
nss-util-3.13.1-3.fc16.x86_64

$ modutil -list -dbdir /etc/pki/nssdb
Listing of PKCS #11 Modules
-----------------------------------------------------------
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded

slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services

slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB

2. CoolKey PKCS #11 Module
library name: libcoolkeypk11.so
slots: 1 slot attached
status: loaded

slot: Gemalto GemPC Twin 00 00
token: accountid
-----------------------------------------------------------

$ ssh-keygen -D /usr/lib64/pkcs11/libcoolkeypk11.so
ssh-rsa AAAAB3NzaC1yc .... oXEdVwIHDTuYM9KRW/6Q==
ssh-rsa AAAAB3NzaC1yc .... bFgPY1JMTokZSiHYkyhw==

$ ssh-keygen -D /usr/lib64/pkcs11/libcoolkeypk11.so | ssh malas cat \>\> .ssh/authorized_keys
user@malas's password: ***

$ ssh -I /usr/lib64/pkcs11/libcoolkeypk11.so malas
Enter PIN for 'accountid': ***
Last login: Thu Jan 19 16:02:17 2012 from localhost
[user@malas ~]$ logout

$ ssh-add -s /usr/lib64/pkcs11/libcoolkeypk11.so
Enter passphrase for PKCS#11: ***
Card added: /usr/lib64/pkcs11/libcoolkeypk11.so

$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCEIfvLQ3ItOA+vG9TBbsmxtBQAvXHRtXaJuAORMXR1c2KBVfPZUakat47ZkKNK2yODgb3LHego/MNCriMg0kQB98ga5N6e2LnNRAHz21zArCER6L+fXbc8pfkB34aioTnLan1UTTacTqejKeBwDUBRuxoXEdVwIHDTuYM9KRW/6Q== /usr/lib64/pkcs11/libcoolkeypk11.so
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC22cHPLN/eCwR0WoPkXTZIZRqCtqW1oFkQPSVyy4/hVaoOnvVaFInDXQDC5RAF6VfLYKreWF0rS0erNefSE0P5bIyoP049nCG9suIViS5nlFmYCW7p8rd1k+zX78S/nldY8EPxy+VrDfHZ3jnXeMn2h2bFgPY1JMTokZSiHYkyhw== /usr/lib64/pkcs11/libcoolkeypk11.so

$ ssh malas
Last login: Thu Jan 19 16:03:16 2012 from malas
[user@malas ~]$ logout

$ ssh-add -e /usr/lib64/pkcs11/libcoolkeypk11.so
Enter passphrase for PKCS#11: ***
Card removed: /usr/lib64/pkcs11/libcoolkeypk11.so

$ ssh-add -L
The agent has no identities.

