The output of the previous command can directly be added into the authorized_keys file of an OpenSSH server (located in the. Ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtAIZsaRaP0rfaocuFsoZcpEhXldk2aboX3MPZAfnaHSvdp5YjfnCv8JEp0xsoDVrIE6J85rtmOt74hzOf8sc/XiCM59HpCIRKzJm9amYQfK5J+Vkcm+Rkz4AtU1R/g5PAlSDxDNj9FtdaREZu1EhPidyweoO4T1GRZxQLF9PVwRRAhps/YDb0JKKbCo7UXdXxZJeGxBidTyRfdC1EJ7xnd07Em0gGup/6K6wFz7IsZhYC2w9OLB80b0YHMs43EoFqQiHzqxNeAK90kLBCzqmfKU9tJ19qMNoO1S9gEhn9sjtbFEETJk4wF0/MqN/2i6dP8BjWbQqZOQ784TmcaG0N RSA2k48 Fortunately, there is a command to do just that: >pkcs15-tool.exe -read-ssh-key 00 To use this key pair with SSH, we need to export the Public part in the right format. Some tokens also support some Elliptic Curves, but OpenSC's PKCS#15 tools could only create RSA keys up until recently, though I believe it's also possible to use OpenSC's PKCS#11 tools to create keys on the token. Note: Not all key sizes are supported by all tokens. >pkcs15-tool.exe -list-keys -list-public-keysĪccess Flags :, sensitive, alwaysSensitive, neverExtract, local I then created a new RSA key pair: >pkcs15-init.exe -verify-pin -auth-id 80 -generate-key rsa/2048 -key-usage sign,decrypt -label "RSA2k48" Length : min_len:4, max_len:15, stored_len:0
PUTTY SSH AUTHENTICATION WINDOWS
So I installed the latest release of OpenSC for Windows and verified it worked: >opensc-tool.exe -list-readers Unfortunately, WSL does not support libusb ( yet?), meaning it's not possible. Since OpenSC and OpenSSL are Unix tools, my first instinct was to use WSL (Windows Subsystem for Linux) to access the token.
PUTTY SSH AUTHENTICATION HOW TO
Thanks to my job, I already had (some) experience with OpenSSL, OpenSC, PKCS#11 and PKCS#15, and it's not like these technology are new, so I was expecting it would be simply a matter of finding the right commands.Īfter I managed to enable the Smart Card capability of the token, I continued with the Feitian guide on how to use their product with SSH authentication. The idea is simple: Public Key Authentication for SSH is well documented, I just want my private key to live on my hardware token instead of being a file on my hard drive.
Or the result of several hours of fumbling around trying to use my new Feitian ePass Smart Card to login on my ssh server with asymmetric cryptography. Using SSH Public Key Authentication with a Smart Card
0 kommentar(er)
