yubikey/pkcs11-ssh.md
2024-08-18 15:02:19 +08:00

OpenSC Official Repo: https://github.com/OpenSC/OpenSC
PKCS#11 libraries:

  • /Library/OpenSC/lib/opensc-pkcs11.so
  • /usr/local/lib/libykcs11.dylib

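OpenSSH can work with PKCS#11: ssh-keygen -D prints the public keys the provider exposes, and ssh -I uses the provider's keys for user authentication: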

ssh-keygen -D /Library/OpenSC/lib/opensc-pkcs11.so
ssh -I /Library/OpenSC/lib/opensc-pkcs11.so root@example.com

Setting the provider in ~/.ssh/config also works:

PKCS11Provider /Library/OpenSC/lib/opensc-pkcs11.so
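
The PKCS11Provider value is a shared library that ssh loads, so it is worth checking the path before pinning it in the config. The following is an added example, not part of the original note: it picks the first of the two library paths listed above that exists and is not group- or world-writable (file and containing directory), then prints a matching ~/.ssh/config block. The function names and the permission policy are assumptions of this example.

```shell
#!/bin/sh
# Added example. Function names and the permission policy are assumptions;
# the two provider paths are the ones listed in this note.

# Succeed only if $1 is a regular file and neither it nor its directory
# is group- or world-writable (-H resolves a symlinked library path).
provider_is_safe() {
    [ -f "$1" ] || return 1
    writable=$(find -H "$1" "$(dirname "$1")" -prune \
        \( -perm -020 -o -perm -002 \) -print)
    [ -z "$writable" ]
}

# Print the first candidate that passes provider_is_safe; fail if none does.
pick_provider() {
    for lib in "$@"; do
        if provider_is_safe "$lib"; then
            printf '%s\n' "$lib"
            return 0
        fi
    done
    return 1
}

# Print a ~/.ssh/config block that pins the provider for one host.
ssh_config_block() {
    printf 'Host %s\n    PKCS11Provider %s\n' "$1" "$2"
}

# Stand-alone run: prints a block only if a safe provider is installed.
if provider=$(pick_provider /Library/OpenSC/lib/opensc-pkcs11.so \
                            /usr/local/lib/libykcs11.dylib); then
    ssh_config_block example.com "$provider"
fi
```
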

Shell aliases for OpenSSH with PKCS#11:

alias ssh-keygeni='ssh-keygen -D /Library/OpenSC/lib/opensc-pkcs11.so'
alias sshi='ssh -I /Library/OpenSC/lib/opensc-pkcs11.so'
alias sshif='ssh -o "ForwardAgent yes" -I /Library/OpenSC/lib/opensc-pkcs11.so'
alias scpi='scp -o "PKCS11Provider /Library/OpenSC/lib/opensc-pkcs11.so"'

Reference

  1. https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md
  2. https://github.com/ThomasHabets/simple-tpm-pk11
  3. https://ubuntu.com/server/docs/smart-card-authentication-with-ssh