- (djm) More makefile infrastructre for smartcard support, also based
on Ben's work
parent
ff5f47e230
commit
d97c2ceed1
|
@ -2,6 +2,8 @@
|
||||||
- (djm) Configure support for smartcards. Based on Ben's work.
|
- (djm) Configure support for smartcards. Based on Ben's work.
|
||||||
- (djm) Revert setgroups call, it causes problems on OS-X
|
- (djm) Revert setgroups call, it causes problems on OS-X
|
||||||
- (djm) Avoid warning on BSDgetopt
|
- (djm) Avoid warning on BSDgetopt
|
||||||
|
- (djm) More makefile infrastructre for smartcard support, also based
|
||||||
|
on Ben's work
|
||||||
|
|
||||||
20010917
|
20010917
|
||||||
- (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
|
- (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
|
||||||
|
@ -6462,4 +6464,4 @@
|
||||||
- Wrote replacements for strlcpy and mkdtemp
|
- Wrote replacements for strlcpy and mkdtemp
|
||||||
- Released 1.0pre1
|
- Released 1.0pre1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.1527 2001/09/18 05:05:20 djm Exp $
|
$Id: ChangeLog,v 1.1528 2001/09/18 05:06:21 djm Exp $
|
||||||
|
|
11
Makefile.in
11
Makefile.in
|
@ -1,10 +1,11 @@
|
||||||
# $Id: Makefile.in,v 1.185 2001/09/17 21:34:33 tim Exp $
|
# $Id: Makefile.in,v 1.186 2001/09/18 05:06:22 djm Exp $
|
||||||
|
|
||||||
prefix=@prefix@
|
prefix=@prefix@
|
||||||
exec_prefix=@exec_prefix@
|
exec_prefix=@exec_prefix@
|
||||||
bindir=@bindir@
|
bindir=@bindir@
|
||||||
sbindir=@sbindir@
|
sbindir=@sbindir@
|
||||||
libexecdir=@libexecdir@
|
libexecdir=@libexecdir@
|
||||||
|
datadir=@datadir@
|
||||||
mandir=@mandir@
|
mandir=@mandir@
|
||||||
mansubdir=@mansubdir@
|
mansubdir=@mansubdir@
|
||||||
sysconfdir=@sysconfdir@
|
sysconfdir=@sysconfdir@
|
||||||
|
@ -149,6 +150,7 @@ distclean:
|
||||||
rm -f *.out core
|
rm -f *.out core
|
||||||
rm -f Makefile config.h config.status ssh_prng_cmds *~
|
rm -f Makefile config.h config.status ssh_prng_cmds *~
|
||||||
(cd openbsd-compat; $(MAKE) distclean)
|
(cd openbsd-compat; $(MAKE) distclean)
|
||||||
|
(cd scard; $(MAKE) distclean)
|
||||||
|
|
||||||
veryclean:
|
veryclean:
|
||||||
rm -f configure config.h.in *.0
|
rm -f configure config.h.in *.0
|
||||||
|
@ -169,14 +171,19 @@ catman-do:
|
||||||
|
|
||||||
distprep: catman-do
|
distprep: catman-do
|
||||||
autoreconf
|
autoreconf
|
||||||
|
(cd scard ; $(MAKE) -f Makefile.in distprep)
|
||||||
|
|
||||||
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
|
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
|
||||||
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
|
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
|
||||||
|
|
||||||
install-files:
|
scard-install:
|
||||||
|
(cd scard; $(MAKE) DESTDIR=$(DESTDIR) install)
|
||||||
|
|
||||||
|
install-files: scard-install
|
||||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
|
||||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
|
||||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
|
||||||
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
|
||||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
|
||||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
|
||||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
|
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
|
||||||
|
|
|
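Review bot: The three new sub-make recipes join `cd scard` and `$(MAKE)` with `;`, so if the `cd` fails (scard/ missing or unreadable) the sub-make still runs in the top-level directory. For `scard-install` that means `$(MAKE) DESTDIR=$(DESTDIR) install` re-enters this Makefile's own `install` target, which depends on `install-files` and therefore on `scard-install` again. Using `&&` stops the recipe at the failed `cd`: `(cd scard && $(MAKE) DESTDIR="$(DESTDIR)" install)`, and likewise for the `distclean` and `distprep` lines; the existing `openbsd-compat` line has the same `;` form, but the install path matters most because it is often run with elevated privileges. Separately, `install-files: scard-install` makes every install pull in the smartcard applet, and nothing visible in these hunks gates that on smartcard support having been configured.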
@ -0,0 +1,69 @@
|
||||||
|
How to use smartcards with OpenSSH?
|
||||||
|
|
||||||
|
OpenSSH contains experimental support for authentication using
|
||||||
|
Cyberflex smartcards and TODOS card readers. To enable this you
|
||||||
|
need to:
|
||||||
|
|
||||||
|
(1) install sectok
|
||||||
|
|
||||||
|
$ cd /usr/src/lib/libsectok
|
||||||
|
$ make obj depend all install includes
|
||||||
|
$ cd /usr/src/usr.bin/sectok
|
||||||
|
$ make obj depend all install
|
||||||
|
|
||||||
|
(2) enable SMARTCARD support in OpenSSH:
|
||||||
|
|
||||||
|
$ vi /usr/src/usr.bin/ssh/Makefile.inc
|
||||||
|
and uncomment
|
||||||
|
CFLAGS+= -DSMARTCARD
|
||||||
|
LDADD+= -lsectok
|
||||||
|
|
||||||
|
(3) load the Java Cardlet to the Cyberflex card:
|
||||||
|
|
||||||
|
$ sectok
|
||||||
|
sectok> login -d
|
||||||
|
sectok> jload /usr/libdata/ssh/Ssh.bin
|
||||||
|
sectok> quit
|
||||||
|
|
||||||
|
(4) load a RSA key to the card:
|
||||||
|
|
||||||
|
please don't use your production RSA keys, since
|
||||||
|
with the current version of sectok/ssh-keygen
|
||||||
|
the private key file is still readable
|
||||||
|
|
||||||
|
$ ssh-keygen -f /path/to/rsakey -U 1
|
||||||
|
(where 1 is the reader number, you can also try 0)
|
||||||
|
|
||||||
|
In spite of the name, this does not generate a key.
|
||||||
|
It just loads an already existing key on to the card.
|
||||||
|
|
||||||
|
(5) optional:
|
||||||
|
|
||||||
|
Change the card password so that only you can
|
||||||
|
read the private key:
|
||||||
|
|
||||||
|
$ sectok
|
||||||
|
sectok> login -d
|
||||||
|
sectok> setpass
|
||||||
|
sectok> quit
|
||||||
|
|
||||||
|
This prevents reading the key but not use of the
|
||||||
|
key by the card applet.
|
||||||
|
|
||||||
|
Do not forget the passphrase. There is no way to
|
||||||
|
recover if you do.
|
||||||
|
|
||||||
|
IMPORTANT WARNING: If you attempt to login with the
|
||||||
|
wrong passphrase three times in a row, you will
|
||||||
|
destroy your card.
|
||||||
|
|
||||||
|
(6) tell the ssh client to use the card reader:
|
||||||
|
|
||||||
|
$ ssh -I 1 otherhost
|
||||||
|
|
||||||
|
(7) or tell the agent (don't forget to restart) to use the smartcard:
|
||||||
|
|
||||||
|
$ ssh-add -s 1
|
||||||
|
|
||||||
|
-markus,
|
||||||
|
Tue Jul 17 23:54:51 CEST 2001
|
|
@ -1,4 +1,4 @@
|
||||||
# $Id: configure.in,v 1.310 2001/09/18 04:01:12 djm Exp $
|
# $Id: configure.in,v 1.311 2001/09/18 05:06:22 djm Exp $
|
||||||
|
|
||||||
AC_INIT(ssh.c)
|
AC_INIT(ssh.c)
|
||||||
|
|
||||||
|
@ -2058,7 +2058,7 @@ fi
|
||||||
|
|
||||||
AC_EXEEXT
|
AC_EXEEXT
|
||||||
|
|
||||||
AC_OUTPUT(Makefile openbsd-compat/Makefile ssh_prng_cmds)
|
AC_OUTPUT(Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds)
|
||||||
|
|
||||||
# Print summary of options
|
# Print summary of options
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,27 @@
|
||||||
|
# $Id: Makefile.in,v 1.1 2001/09/18 05:06:22 djm Exp $
|
||||||
|
|
||||||
|
prefix=@prefix@
|
||||||
|
datadir=@datadir@
|
||||||
|
srcdir=@srcdir@
|
||||||
|
top_srcdir=@top_srcdir@
|
||||||
|
|
||||||
|
INSTALL=@INSTALL@
|
||||||
|
|
||||||
|
VPATH=@srcdir@
|
||||||
|
|
||||||
|
all:
|
||||||
|
|
||||||
|
Ssh.bin: Ssh.bin.uu
|
||||||
|
uudecode Ssh.bin.uu
|
||||||
|
|
||||||
|
clean:
|
||||||
|
rm -rf Ssh.bin
|
||||||
|
|
||||||
|
distprep: Ssh.bin
|
||||||
|
|
||||||
|
distclean: clean
|
||||||
|
rm -f Makefile *~
|
||||||
|
|
||||||
|
install: Ssh.bin
|
||||||
|
$(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
|
||||||
|
$(INSTALL) -m 0644 -s $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin
|
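Review bot: The `install` recipe passes `-s` to `$(INSTALL)`, which asks it to strip `Ssh.bin`, but the README added in this commit describes that file as a Java Card applet loaded onto the card, not a native executable. Strip will most likely either fail the install or alter the file, so the line would be safer as `$(INSTALL) -m 0644 $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin`. The `Ssh.bin` rule also does not control its own output: `uudecode Ssh.bin.uu` writes whatever file name and mode the `begin` line inside the .uu file declares, into the current directory, while `install` reads `$(srcdir)/Ssh.bin`; where the local uudecode supports `-o`, `uudecode -o $@ $<` pins the output to the target and lets VPATH locate the input. Because the applet ships as an opaque encoded binary, a comment above the rule stating where `Ssh.bin.uu` comes from and how to verify it (for example a recorded checksum) would help anyone auditing the tarball. `all`, `clean`, `distprep`, `distclean` and `install` are not declared `.PHONY` in the lines shown.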