Thursday, July 10, 2014

How to SSH with your Smart Card

If you run Linux servers, you are familiar with SSH (Secure Shell). Administrators commonly use strong authentication for it because their accounts control the entire company network and its resources.

You can configure tools such as PuttySC, PuttyCAC or SecureCRT to use smart card credentials to SSH to your servers.

I made this video to show how it works, enjoy!

To configure your server for smart card authentication:
1. Extract the public key out of the certificate in the card. I run the following command:
pprint.exe -l "c:\Program Files (x86)\Gemalto\DotNet PKCS11\gtop11dotnet.dll"
2. Add the public key to ~/.ssh/authorized_keys on the server. It looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAAFAAABAAEAAACBANnQe0X1Rl6QezigIXlfe4uzBtKkI083/oL3fl3vfQKdpdwwlwit3ODAOh2qpfs97r+OYUQPY66knNCW/u6hX2hiQk5DXeMR1HuZXQRxGKBxJZAftRXO3pD6b3pfH7djnfudGpg8UMHUBoWDUJ1UMh60K/+0QUqAyKT42vexh1Kj token-key
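
Before relying on the line added in step 2, you can decode it and check the key type, modulus size and fingerprint against what the card reports. The following is an added example, not part of the original post; the function names and the 2048-bit minimum are assumptions, and it handles plain ssh-rsa lines without an options prefix.

```python
import base64
import hashlib
import struct

# The authorized_keys line shown in step 2 of the post, split for readability.
PAGE_KEY = (
    "ssh-rsa "
    "AAAAB3NzaC1yc2EAAAAFAAABAAEAAACBANnQe0X1Rl6QezigIXlfe4uzBtKkI083/oL3fl"
    "3vfQKdpdwwlwit3ODAOh2qpfs97r+OYUQPY66knNCW/u6hX2hiQk5DXeMR1HuZXQRxGKBx"
    "JZAftRXO3pD6b3pfH7djnfudGpg8UMHUBoWDUJ1UMh60K/+0QUqAyKT42vexh1Kj"
    " token-key"
)
MIN_RSA_BITS = 2048  # assumed policy floor, not taken from the post


def _read_string(blob, offset):
    """Read one SSH wire 'string': uint32 big-endian length, then the bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of key blob")
    return blob[offset + 4:end], end


def inspect_rsa_key(line):
    """Decode one ssh-rsa authorized_keys line and summarize the key."""
    key_type, b64, *comment = line.split()
    blob = base64.b64decode(b64, validate=True)
    algo, pos = _read_string(blob, 0)
    if key_type != "ssh-rsa" or algo != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key, or type field mismatch")
    e_bytes, pos = _read_string(blob, pos)   # public exponent
    n_bytes, pos = _read_string(blob, pos)   # modulus
    if pos != len(blob):
        raise ValueError("trailing bytes after modulus")
    bits = int.from_bytes(n_bytes, "big").bit_length()
    # Same form as `ssh-keygen -lf`: unpadded base64 of SHA-256 over the blob.
    digest = base64.b64encode(hashlib.sha256(blob).digest()).decode()
    return {
        "comment": " ".join(comment),
        "exponent": int.from_bytes(e_bytes, "big"),
        "bits": bits,
        "fingerprint": "SHA256:" + digest.rstrip("="),
        "meets_policy": bits >= MIN_RSA_BITS,
    }


if __name__ == "__main__":
    print(inspect_rsa_key(PAGE_KEY))
```

Run on the line above, it reports a 1024-bit modulus with exponent 65537, which falls below the assumed 2048-bit floor.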


Duncan said...

Where can the PKCS#11 library be obtained from?

Matthias Büchner said...

@Duncan, you can get this library from your smart card vendor.