- (djm) More makefile infrastructre for smartcard support, also based
on Ben's work
This commit is contained in:
Damien Miller
parent
ff5f47e230
commit
d97c2ceed1
|
|
@ -2,6 +2,8 @@
|
|||
- (djm) Configure support for smartcards. Based on Ben's work.
|
||||
- (djm) Revert setgroups call, it causes problems on OS-X
|
||||
- (djm) Avoid warning on BSDgetopt
|
||||
- (djm) More makefile infrastructre for smartcard support, also based
|
||||
on Ben's work
|
||||
|
||||
20010917
|
||||
- (djm) x11-ssh-askpass-1.2.4 in RPM spec, revert workarounds
|
||||
|
|
@ -6462,4 +6464,4 @@
|
|||
- Wrote replacements for strlcpy and mkdtemp
|
||||
- Released 1.0pre1
|
||||
|
||||
$Id: ChangeLog,v 1.1527 2001/09/18 05:05:20 djm Exp $
|
||||
$Id: ChangeLog,v 1.1528 2001/09/18 05:06:21 djm Exp $
|
||||
|
|
|
|||
11
Makefile.in
11
Makefile.in
|
|
@ -1,10 +1,11 @@
|
|||
# $Id: Makefile.in,v 1.185 2001/09/17 21:34:33 tim Exp $
|
||||
# $Id: Makefile.in,v 1.186 2001/09/18 05:06:22 djm Exp $
|
||||
|
||||
prefix=@prefix@
|
||||
exec_prefix=@exec_prefix@
|
||||
bindir=@bindir@
|
||||
sbindir=@sbindir@
|
||||
libexecdir=@libexecdir@
|
||||
datadir=@datadir@
|
||||
mandir=@mandir@
|
||||
mansubdir=@mansubdir@
|
||||
sysconfdir=@sysconfdir@
|
||||
|
|
@ -149,6 +150,7 @@ distclean:
|
|||
rm -f *.out core
|
||||
rm -f Makefile config.h config.status ssh_prng_cmds *~
|
||||
(cd openbsd-compat; $(MAKE) distclean)
|
||||
(cd scard; $(MAKE) distclean)
|
||||
|
||||
veryclean:
|
||||
rm -f configure config.h.in *.0
|
||||
|
|
@ -169,14 +171,19 @@ catman-do:
|
|||
|
||||
distprep: catman-do
|
||||
autoreconf
|
||||
(cd scard ; $(MAKE) -f Makefile.in distprep)
|
||||
|
||||
install: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files host-key
|
||||
install-nokeys: $(CONFIGFILES) $(MANPAGES) $(TARGETS) install-files
|
||||
|
||||
install-files:
|
||||
scard-install:
|
||||
(cd scard; $(MAKE) DESTDIR=$(DESTDIR) install)
|
||||
|
||||
install-files: scard-install
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(bindir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(sbindir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)1
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(mandir)/$(mansubdir)8
|
||||
$(srcdir)/mkinstalldirs $(DESTDIR)$(libexecdir)
|
||||
|
|
|
|||
|
|
@ -0,0 +1,69 @@
|
|||
How to use smartcards with OpenSSH?
|
||||
|
||||
OpenSSH contains experimental support for authentication using
|
||||
Cyberflex smartcards and TODOS card readers. To enable this you
|
||||
need to:
|
||||
|
||||
(1) install sectok
|
||||
|
||||
$ cd /usr/src/lib/libsectok
|
||||
$ make obj depend all install includes
|
||||
$ cd /usr/src/usr.bin/sectok
|
||||
$ make obj depend all install
|
||||
|
||||
(2) enable SMARTCARD support in OpenSSH:
|
||||
|
||||
$ vi /usr/src/usr.bin/ssh/Makefile.inc
|
||||
and uncomment
|
||||
CFLAGS+= -DSMARTCARD
|
||||
LDADD+= -lsectok
|
||||
|
||||
(3) load the Java Cardlet to the Cyberflex card:
|
||||
|
||||
$ sectok
|
||||
sectok> login -d
|
||||
sectok> jload /usr/libdata/ssh/Ssh.bin
|
||||
sectok> quit
|
||||
|
||||
(4) load a RSA key to the card:
|
||||
|
||||
please don't use your production RSA keys, since
|
||||
with the current version of sectok/ssh-keygen
|
||||
the private key file is still readable
|
||||
|
||||
$ ssh-keygen -f /path/to/rsakey -U 1
|
||||
(where 1 is the reader number, you can also try 0)
|
||||
|
||||
In spite of the name, this does not generate a key.
|
||||
It just loads an already existing key on to the card.
|
||||
|
||||
(5) optional:
|
||||
|
||||
Change the card password so that only you can
|
||||
read the private key:
|
||||
|
||||
$ sectok
|
||||
sectok> login -d
|
||||
sectok> setpass
|
||||
sectok> quit
|
||||
|
||||
This prevents reading the key but not use of the
|
||||
key by the card applet.
|
||||
|
||||
Do not forget the passphrase. There is no way to
|
||||
recover if you do.
|
||||
|
||||
IMPORTANT WARNING: If you attempt to login with the
|
||||
wrong passphrase three times in a row, you will
|
||||
destroy your card.
|
||||
|
||||
(6) tell the ssh client to use the card reader:
|
||||
|
||||
$ ssh -I 1 otherhost
|
||||
|
||||
(7) or tell the agent (don't forget to restart) to use the smartcard:
|
||||
|
||||
$ ssh-add -s 1
|
||||
|
||||
-markus,
|
||||
Tue Jul 17 23:54:51 CEST 2001
|
||||
|
|
@ -1,4 +1,4 @@
|
|||
# $Id: configure.in,v 1.310 2001/09/18 04:01:12 djm Exp $
|
||||
# $Id: configure.in,v 1.311 2001/09/18 05:06:22 djm Exp $
|
||||
|
||||
AC_INIT(ssh.c)
|
||||
|
||||
|
|
@ -2058,7 +2058,7 @@ fi
|
|||
|
||||
AC_EXEEXT
|
||||
|
||||
AC_OUTPUT(Makefile openbsd-compat/Makefile ssh_prng_cmds)
|
||||
AC_OUTPUT(Makefile openbsd-compat/Makefile scard/Makefile ssh_prng_cmds)
|
||||
|
||||
# Print summary of options
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,27 @@
|
|||
# $Id: Makefile.in,v 1.1 2001/09/18 05:06:22 djm Exp $
|
||||
|
||||
prefix=@prefix@
|
||||
datadir=@datadir@
|
||||
srcdir=@srcdir@
|
||||
top_srcdir=@top_srcdir@
|
||||
|
||||
INSTALL=@INSTALL@
|
||||
|
||||
VPATH=@srcdir@
|
||||
|
||||
all:
|
||||
|
||||
Ssh.bin: Ssh.bin.uu
|
||||
uudecode Ssh.bin.uu
|
||||
|
||||
clean:
|
||||
rm -rf Ssh.bin
|
||||
|
||||
distprep: Ssh.bin
|
||||
|
||||
distclean: clean
|
||||
rm -f Makefile *~
|
||||
|
||||
install: Ssh.bin
|
||||
$(top_srcdir)/mkinstalldirs $(DESTDIR)$(datadir)
|
||||
$(INSTALL) -m 0644 -s $(srcdir)/Ssh.bin $(DESTDIR)$(datadir)/Ssh.bin
|
||||
Loading…
Reference in New Issue