some initial info about the smartcard support,

please try this if you have a TODOs reader/card

1 files changed, 47 insertions, 0 deletions

diff --git a/usr.bin/ssh/README.smartcard b/usr.bin/ssh/README.smartcard
new file mode 100644
index 00000000000..3cce6225d4b
--- /dev/null
+++ b/usr.bin/ssh/README.smartcard
@@ -0,0 +1,47 @@
+How to use smartcards with OpenSSH?
+
+OpenSSH contains experimental support for authentication using
+Cyberflex smartcards and TODOS card readers. To enable this you
+need to:
+
+(1) install sectok
+
+	$ cd /usr/src/lib/libsectok
+	$ make obj depend all install includes
+	$ cd /usr/src/usr.bin/sectok
+	$ make obj depend all install
+
+(2) enable SMARTCARD support in OpenSSH:
+
+	$ vi /usr/src/usr.bin/ssh/Makefile.inc
+	and uncomment
+		CFLAGS+=	-DSMARTCARD
+		LDADD+=	-lsectok
+
+(3) load the Java Cardlet to the Cyberflex card:
+
+	$ sectok
+	sectok> jaut
+	sectok> jload /usr/libdata/ssh/Ssh.bin
+	sectok> quit
+
+(4) load a RSA key to the card:
+
+	please don't use your production RSA keys, since
+	with the current version of sectok/ssh-keygen
+	the private key file is still readable
+
+	$ ssh-keygen -f /path/to/rsakey -u 1
+	(where 1 is the reader number, you can also try 0)
+
+
+(5) tell the ssh client to use the card reader:
+
+	$ ssh -I 1 otherhost
+
+(6) or tell the agent (don't forget to restart) to use the smartcard:
+
+	$ ssh-add -s 1
+
+-markus,
+Tue Jul 17 23:54:51 CEST 2001