[Smartsign-devel] New OpenSSH-MCard release
Status: Pre-Alpha
From: Tommaso C. <ke...@ti...> - 2003-01-15 09:17:37
I'm posting this message again because it had a wrong subject.
I apologize for the repetition.

--

Tommaso Cucinotta wrote:
>
> Hi all,
>
> I'm currently working on an update to the OpenSSH-CardEdge package,
> the modified OpenSSH with MuscleCard smart card support (i.e. JavaCard
> with MuscleCard Applet, Cryptoflex, etc...).
>
> Please, check out the unofficial URL:
>
> http://feanor.sssup.it/~tommaso/openssh3-mcard.tgz
>
> and submit comments to the Smart Sign mailing list:
>
> mailto:sma...@li...
>
> It has been compiled with RedHat7.3, OpenSSL 0.9.6g (yes, it still
> requires a separate OpenSSL installation) and PCSC-Lite-1.x.
>
> Please, read the README, as there are syntax changes w/respect to
> previous release. Now you can choose at invocation time the MuscleCard
> key numbers to use, both during key generation and usage. Also a few
> tests with multiple keypairs have been done.
>
> In short (go to message bottom for further details):
>
> > eval `./ssh-agent`
> > ./ssh-keygen -t rsa-sc[:prv_key_num[:pub_key_num]]
> > ./ssh-add sc:[prv_key_num[:pub_key_num]]
>
> I'm gathering feedback/comments so as to come up with a new release for
> the next week.
>
> Bye,
> T.
>
> --
>
> ************************************************************
> This is a modified version of the OpenSSH-3.5p1 source tree for
> Linux. It contains an experimental version of a smartcard module for
> use with MuscleCard supported smart cards. This package has been
> modified and adapted as a part of the Smart Sign project:
>
> http://smartsign.sourceforge.net
>
> SUMMARY OF CHANGES:
>
> - Requires PCSC-Lite, a smart card reader and its driver for PCSC-Lite,
>   a MuscleCard supported smart card and its Plugin
>
> - Enabling Muscle Card module during configuration
>
>   ./configure --with-musclecard[=path] --with-ssl-dir=/usr/local/ssl
>
>   If path is omitted, default is /usr/local.
>   If you are using a RedHat release >= 7.0, you need to recompile the
>   OpenSSL library with NO ENGINE SUPPORT, place it somewhere in your
>   system (default is /usr/local/ssl), and tell OpenSSH-MCard where it is.
>
> - Building modified programs
>
>   . make
>
>   Please, use and install **ONLY** ssh-agent, ssh-keygen and ssh-add.
>   Other OpenSSH programs get compiled exactly the same, but with more
>   link dependencies.
>
> - ssh-agent
>
>   . Launch as usual, here you don't need anything special
>   . EXAMPLE: eval `./ssh-agent`
>
> - ssh-keygen
>
>   . Launch with the '-t rsa-sc' option to generate a
>     keypair and store it on the smartcard.
>     Try a 'eval `./ssh-agent`; ssh-add -L' to view
>     new identity public information.
>   . Launch with '-t rsa-sc[:prv[:pub]]' with optional
>     private and public key number(s) to customize the
>     MuscleCard key numbers to be used during generation.
>   . Launch as usual to generate file-based key pairs.
>   . EXAMPLE: ./ssh-keygen -t rsa-sc
>   . EXAMPLE: ./ssh-keygen -t rsa-sc:3:2
>
> - ssh-add
>
>   . Launch using the special sc:[prv_nb[:pub_nb]] URI-like notation to
>     add a smartcard identity. You will be prompted for the smartcard PIN
>     protecting the key (usage of the private key).
>   . The optional prv_nb and pub_nb parameters specify key numbers
>     identifying a keypair onto the smart-card. These numbers must be the
>     same as provided in the ssh-keygen program when generating the keys.
>   . You can also use keys generated or imported using other programs
>     (i.e. XCardII); you just need to know their numbers. Public key
>     should be always readable.
>   . Launch as usual to add other (file) identities
>   . Use 'ssh-add -L' to view all the loaded identities,
>     both file and smart card ones.
>   . After adding the identity, you can use the normal ssh
>     client to connect to a remote server using the smartcard
>   . EXAMPLE: ./ssh-add sc:
>   . EXAMPLE: ./ssh-add sc:3:2
>
> - Customizing behaviour
>
>   This module uses default card PIN, public and private key
>   numbers as specified in the file muscle-card/Makefile.in,
>   under the "Customization options" section. You can change
>   the default values, if you need it.
>   The provided default value for the PIN number is compatible
>   with the MuscleCard release coming with PCSC-Lite v1.1.1.
>   Default key numbers to be used during key generation can be
>   overridden with the '-t rsa-sc[:prv[:pub]]' ssh-keygen syntax
>   and the 'sc:[prv[:pub]]' URI-like ssh-add notation.
>
> - Note
>
>   This module does not use any certificates for key
>   management.
>
> - For further information, please, refer to the SmartSign
>   mailing list:
>
>   sma...@li...
>
> TODO
>
> - Allow selection of the smartcard reader / token in case of multiple
>   ones available
> - Ameliorate syntax
> ************************************************************

--
,------------------------------------------------.
| Dr. Tommaso Cucinotta <t.c...@ss...>           |
>------------------------------------------------<
! Scuola Superiore di Studi Universitari         !
! e Perfezionamento S.Anna                       !
! Pisa Italy                                     !
`------------------------------------------------'
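
The README quoted above requires that the key numbers given to ssh-add match those used with ssh-keygen. The following pre-flight check is an added example, not part of the original post or of OpenSSH-MCard; the function names `normalize_spec` and `same_keypair` are hypothetical, and omitted key numbers are reported as `default` because the build-time defaults in muscle-card/Makefile.in are not given in the message.

```shell
#!/bin/sh
# Added example, not part of OpenSSH-MCard.
# normalize_spec SPEC: print "<prv> <pub>" for a valid specifier, fail otherwise.
# An omitted number prints as "default": the real defaults are build-time
# values in muscle-card/Makefile.in and are not known to this script.
normalize_spec() {
    spec=$1
    case $spec in
        rsa-sc)    nums= ;;                  # ssh-keygen -t rsa-sc
        rsa-sc:?*) nums=${spec#rsa-sc:} ;;   # ssh-keygen -t rsa-sc:prv[:pub]
        sc:*)      nums=${spec#sc:} ;;       # ssh-add sc:[prv[:pub]]
        *)         return 1 ;;
    esac
    case $nums in
        '')    prv= pub= ;;
        *:*:*) return 1 ;;                   # more than two numbers
        *:*)   prv=${nums%%:*} pub=${nums#*:}
               [ -n "$prv" ] && [ -n "$pub" ] || return 1 ;;
        *)     prv=$nums pub= ;;
    esac
    case $prv$pub in *[!0-9]*) return 1 ;; esac   # key numbers are digits only
    printf '%s %s\n' "${prv:-default}" "${pub:-default}"
}

# same_keypair KEYGEN_SPEC ADD_SPEC: 0 = same key pair, 1 = different,
# 2 = malformed. An explicit number never equals an omitted one, since the
# default it would have to match is unknown here.
same_keypair() {
    case $1 in rsa-sc*) ;; *) return 2 ;; esac
    case $2 in sc:*) ;; *) return 2 ;; esac
    gen=$(normalize_spec "$1") || return 2
    add=$(normalize_spec "$2") || return 2
    [ "$gen" = "$add" ]
}

# Constructed sample pairs: the ssh-keygen type, then the ssh-add identity.
for pair in "rsa-sc:3:2 sc:3:2" "rsa-sc:3:2 sc:2:3" "rsa-sc sc:"; do
    set -- $pair
    if same_keypair "$1" "$2"; then echo "match:    $pair"
    else echo "MISMATCH: $pair"; fi
done
```
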