Update 'pkcs11-ssh.md'

2024-06-30 23:53:50 +08:00
parent 2a2f50125e
commit 4bc55677ec
1 changed files with 0 additions and 0 deletions
--- a/pkcs11-ssh.md
+++ b/pkcs11-ssh.md
@@ -0,0 +1,31 @@
+> OpenSC Official Repo: https://github.com/OpenSC/OpenSC <br>
+> Yubikey's PKCS#11 library works too: `/usr/local/lib/libykcs11.dylib`
+
+OpenSSH can work with PKCS#11:
+```shell
+ssh-keygen -D /Library/OpenSC/lib/opensc-pkcs11.so
+ssh -I /Library/OpenSC/lib/opensc-pkcs11.so root@example.com
+```
+
+Config `~/.ssh/config` also works:
+
+```plain
+PKCS11Provider /Library/OpenSC/lib/opensc-pkcs11.so
+```
+
+<br>
+
+OpenSSH with PKCS#11 aliases:
+```
+alias ssh-keygeni='ssh-keygen -D /Library/OpenSC/lib/opensc-pkcs11.so'
+alias sshi='ssh -I /Library/OpenSC/lib/opensc-pkcs11.so'
+alias sshif='ssh -o "ForwardAgent yes" -I /Library/OpenSC/lib/opensc-pkcs11.so'
+alias scpi='scp -o "PKCS11Provider /Library/OpenSC/lib/opensc-pkcs11.so"'
+```
+
+<br>
+
+# Reference
+1. https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md
+1. https://github.com/ThomasHabets/simple-tpm-pk11
+1. https://ubuntu.com/server/docs/smart-card-authentication-with-ssh