Using a Gemalto smart card with OpenSSH in Fedora 16
This is only a memo post.

$ rpm -q openssh coolkey nss-util

$ modutil -list -dbdir /etc/pki/nssdb
Listing of PKCS #11 Modules
1. NSS Internal PKCS #11 Module
slots: 2 slots attached
status: loaded

slot: NSS Internal Cryptographic Services
token: NSS Generic Crypto Services

slot: NSS User Private Key and Certificate Services
token: NSS Certificate DB

2. CoolKey PKCS #11 Module
library name:
slots: 1 slot attached
status: loaded

slot: Gemalto GemPC Twin 00 00
token: accountid

$ ssh-keygen -D /usr/lib64/pkcs11/
ssh-rsa AAAAB3NzaC1yc .... oXEdVwIHDTuYM9KRW/6Q==
ssh-rsa AAAAB3NzaC1yc .... bFgPY1JMTokZSiHYkyhw==

$ ssh-keygen -D /usr/lib64/pkcs11/ | ssh malas cat \>\> .ssh/authorized_keys
user@malas's password: ***

$ ssh -I /usr/lib64/pkcs11/ malas
Enter PIN for 'accountid': ***
Last login: Thu Jan 19 16:02:17 2012 from localhost
[user@malas ~]$ logout

$ ssh-add -s /usr/lib64/pkcs11/
Enter passphrase for PKCS#11: ***
Card added: /usr/lib64/pkcs11/

$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCEIfvLQ3ItOA+vG9TBbsmxtBQAvXHRtXaJuAORMXR1c2KBVfPZUakat47ZkKNK2yODgb3LHego/MNCriMg0kQB98ga5N6e2LnNRAHz21zArCER6L+fXbc8pfkB34aioTnLan1UTTacTqejKeBwDUBRuxoXEdVwIHDTuYM9KRW/6Q== /usr/lib64/pkcs11/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC22cHPLN/eCwR0WoPkXTZIZRqCtqW1oFkQPSVyy4/hVaoOnvVaFInDXQDC5RAF6VfLYKreWF0rS0erNefSE0P5bIyoP049nCG9suIViS5nlFmYCW7p8rd1k+zX78S/nldY8EPxy+VrDfHZ3jnXeMn2h2bFgPY1JMTokZSiHYkyhw== /usr/lib64/pkcs11/

$ ssh malas
Last login: Thu Jan 19 16:03:16 2012 from malas
[user@malas ~]$ logout

$ ssh-add -e /usr/lib64/pkcs11/
Enter passphrase for PKCS#11: ***
Card removed: /usr/lib64/pkcs11/

$ ssh-add -L
The agent has no identities.
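
Before a token's public keys are appended to `authorized_keys`, it is worth checking how strong they are. The following is an added example, not part of the original post: it parses the `ssh-rsa` blobs that `ssh-add -L` printed above and reports the RSA modulus size. The 2048-bit threshold and the function names are assumptions made for the example.

```python
import base64
import struct

MIN_RSA_BITS = 2048  # assumed policy threshold, not from the original post

# The two lines printed by `ssh-add -L` in the post above.
PAGE_KEYS = """\
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQCEIfvLQ3ItOA+vG9TBbsmxtBQAvXHRtXaJuAORMXR1c2KBVfPZUakat47ZkKNK2yODgb3LHego/MNCriMg0kQB98ga5N6e2LnNRAHz21zArCER6L+fXbc8pfkB34aioTnLan1UTTacTqejKeBwDUBRuxoXEdVwIHDTuYM9KRW/6Q== /usr/lib64/pkcs11/
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAgQC22cHPLN/eCwR0WoPkXTZIZRqCtqW1oFkQPSVyy4/hVaoOnvVaFInDXQDC5RAF6VfLYKreWF0rS0erNefSE0P5bIyoP049nCG9suIViS5nlFmYCW7p8rd1k+zX78S/nldY8EPxy+VrDfHZ3jnXeMn2h2bFgPY1JMTokZSiHYkyhw== /usr/lib64/pkcs11/
"""


def read_string(blob, offset):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[offset + 4:end], end


def rsa_key_bits(line):
    """Return the modulus size in bits of one 'ssh-rsa <base64> [comment]' line."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    name, off = read_string(blob, 0)
    if name != b"ssh-rsa":
        raise ValueError("key type inside blob does not match the label")
    _exponent, off = read_string(blob, off)
    modulus, off = read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after modulus")
    return int.from_bytes(modulus, "big").bit_length()


def audit(text, min_bits=MIN_RSA_BITS):
    """Return (bits, meets_policy) for every key line in text."""
    lines = [l for l in text.splitlines() if l.strip() and not l.startswith("#")]
    return [(bits, bits >= min_bits) for bits in map(rsa_key_bits, lines)]


if __name__ == "__main__":
    for bits, ok in audit(PAGE_KEYS):
        print(f"RSA {bits} bits: {'ok' if ok else 'below policy'}")
```

Both keys on this card parse as 1024-bit RSA, which falls below the assumed threshold. `audit()` accepts the output of `ssh-add -L` or `ssh-keygen -D` for any token that exposes RSA keys.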

