红帽全球峰会6.4. Configuring SSH access using smart card authentication
SSH connections require authentication. You can use a password or a certificate. Follow this procedure to enable authentication using a certificate stored on a smart card.
For details about configuring smart cards with authselect, see Configuring smart cards using authselect.
Prerequisites
- The smart card contains your certificate and private key.
- The card is inserted in the reader and connected to the computer.
The
pcscdservice is running on your local machine.For details, see Installing tools for managing and using smart cards.
Procedure
Create a new directory for SSH keys in the home directory of the user who uses smart card authentication:
# mkdir /home/<example_user>/.sshRun the
ssh-keygen -Dcommand with theopensclibrary to retrieve the existing public key paired with the private key on the smart card, and add it to theauthorized_keyslist of the user’s SSH keys directory to enable SSH access with smart card authentication.# ssh-keygen -D /usr/lib64/pkcs11/opensc-pkcs11.so >> ~<example_user>/.ssh/authorized_keysSSH requires access right configuration for the
/.sshdirectory and theauthorized_keysfile. To set or change the access rights, enter:# chown -R <example_user:example_user> ~<example_user>/.ssh/ # chmod 700 ~<example_user>/.ssh/ # chmod 600 ~<example_user>/.ssh/authorized_keys
Verification
Display the keys:
# cat ~<example_user>/.ssh/authorized_keysThe terminal displays the keys.
You can verify the SSH access with the following command:
# ssh -I /usr/lib64/opensc-pkcs11.so -l <example_user> localhost hostnameIf the configuration is successful, you are prompted to enter the smart card PIN.
The configuration works now locally. Now you can copy the public key and distribute it to authorized_keys files located on all servers on which you want to use SSH.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}