Finally: Login via SSH authentication with OpenPGP smart card
& 100% Free Software PCMCIA reader
Alon Bar-Lev
alon.barlev at gmail.com
Mon Feb 13 12:04:24 CET 2006
Georg C. F. Greve wrote:
> * Remote SSH logins with crypto card authentication
>
> Problem two was to do remote logins via SSH with authentication
> through the smart card. There was a problem with the gpg-agent that
> did not do PIN caching, and thus was somewhat annoying to use in real
> life. Werner just addressed this problem, and now it works rather
> flawlessly.
>
> The gpg-agent replaces the ssh-agent for authentication, and it is
> possible to do remote securely authenticated OpenSSH logins. You can
> find information here:
>
> http://www.fsfe.org/fellows/greve/freedom_bits/authenticating_ssh_logins_with_the_fellowship_crypto_card
>
Are you aware of the PKCS#11 for OpenSSH solution
(http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=113977188917865&w=2)?
PKCS#11 is a standard interface to access cryptographic
tokens, the OpenSSH patch support the use of any PKCS#11
provider with OpenSSH.
I just hope that someday OpenPGP card will also have PKCS#11
provider, so it can be used by other applications, and the
other way around... gpg will use PKCS#11 providers in order
to support many card types.
Best Regards,
Alon Bar-Lev.
More information about the Gnupg-users
mailing list