Friday, July 11, 2014

How to SSH with your Smart Card

If you have Linux servers, you must be familiar with SSH - Secure SHell. It is common for administrators to use strong authentication because they have the control of the entire company network and resources.

You can configure tools such as PuttySC, PuttyCAC or SecureCRT to use smart card credentials to SSH to your servers.

I made this video to show how it works, enjoy!


To configure your server for smart card authentication:
1. Extract the public key out of the certificate in the card, I run the following command:
pprint.exe -l "c:\Program Files (x86)\Gemalto\DotNet PKCS11\gtop11dotnet.dll"
2. Add the public key to ~/.sshd/authorized_keys on the server, it looks like this:
ssh-rsa AAAAB3NzaC1yc2EAAAAFAAABAAEAAACBANnQe0X1Rl6QezigIXlfe4uzBtKkI083/oL3fl3vfQKdpdwwlwit3ODAOh2qpfs97r+OYUQPY66knNCW/u6hX2hiQk5DXeMR1HuZXQRxGKBxJZAftRXO3pD6b3pfH7djnfudGpg8UMHUBoWDUJ1UMh60K/+0QUqAyKT42vexh1Kj token-key


Posted by Matt Buchner at 5:11 AM

4 comments:

Duncan said...

Where can the PKCS#11 library be obtained from?

October 16, 2014 at 1:08 PM
Matt Buchner said...

@Duncan, you can this library from your smart card vendor.

October 17, 2014 at 12:13 AM
Uros said...

Hi,

where can i find pprint tool?

January 3, 2018 at 11:09 AM
Matt Buchner said...

Uros,

pprint is available here
http://www.joebar.ch/puttysc/pprint.exe

January 3, 2018 at 5:24 PM

Post a Comment

Subscribe to: Post Comments (Atom)