--- wikisrc/tutorials/howto_bootstrap_the_ePass2003_smartcard.mdwn 2015/10/02 21:18:01 1.3
+++ wikisrc/tutorials/howto_bootstrap_the_ePass2003_smartcard.mdwn 2015/10/02 21:28:14 1.4
@@ -1,23 +1,23 @@
First you need to Install security/ccid + security/opensc and it's dependencies.
-Once installed, start the pcscd daemon:
+Once installed, start the pcscd daemon
- /etc/rc.d/pcscd onestart
+ # /etc/rc.d/pcscd onestart
-Check that OpenSC finds your ePass2003 smartcard
+Verify that OpenSC finds your ePass2003 smartcard
-
$ opensc-tool -n
+$ opensc-tool -n
Using reader with a card: Feitian ePass2003 00 00
epass2003
-Start by erasing the card:
+Start by erasing the card
$ pkcs15-init --erase-card
Bootstrap the ePass2003
- $ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label “pettai@NetBSD.org”
+$ pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label “pettai@NetBSD.org”
Using reader with a card: Feitian ePass2003 00 00
New User PIN.
Please enter User PIN:
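Review bot: the --label argument on the changed pkcs15-init --create-pkcs15 line is still wrapped in typographic quotes (“pettai@NetBSD.org”), which a shell does not treat as quoting, so a reader who pastes the command passes the quote characters as part of the label. Suggest plain ASCII quotes: --label "pettai@NetBSD.org". While this paragraph is being touched, "it's dependencies" in the first context line should read "its dependencies". The new "# " prompt on the pcscd line is a useful hint that the step needs root; the "$ pkcs15-init --erase-card" step could likewise say that it destroys any keys already on the card.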
@@ -29,14 +29,15 @@ Please type again to verify:
Generate a new RSA key on the card
- $ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label “pettai@NetBSD.org”
+$ pkcs15-init --generate-key rsa/2048 --key-usage sign,decrypt --auth-id 01 --label “pettai@NetBSD.org”
Using reader with a card: Feitian ePass2003 00 00
User PIN [User PIN] required.
Please enter User PIN [User PIN]:
+Check the ID of the generated key
- $ pkcs15-tool --dump
+$ pkcs15-tool --dump
Using reader with a card: Feitian ePass2003 00 00
PKCS#15 Card [pettai@NetBSD.org]:
Version : 0
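Review bot: the added heading "Check the ID of the generated key" does not say which ID in the pkcs15-tool --dump output the reader should note, and the dump that follows opens with card-level fields (label, version) before any key object. Suggest naming the field explicitly, for example "Check the ID of the generated key (the ID line under Public RSA Key)", since that is the value the export step passes to --read-ssh-key. The --label value on the changed --generate-key line also keeps the typographic quotes (“ ”); replace them with ASCII double quotes so the command can be pasted as written.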
@@ -81,17 +82,16 @@ Public RSA Key [pettai@NetBSD.org]
ID : 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
-Export the public key (and put it in your .ssh/authorized_keys
file on your remote host):
+Export the public key (and copy it to your .ssh/authorized_keys
file on your remote host)
- $ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
+$ pkcs15-tool --read-ssh-key 45d70cc6cdd46ce9914edcf6a81cb4fa60bf21ec
Using reader with a card: Feitian ePass2003 00 00
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl/O9hhKOos+1KkL7Q/jqrmSN9EXKFP86kZp+nRyCDErYBNiNl4PTGBfS7sx//suPIxzw8epmHR26JSIq0e0ZErjwBMTDzksUwLJ3+hOMgVnlInYPn+p569EcHiIWsKurfZBClllNHOMmTf3ZblbpN3+lwQUHNaUFECmLeh+wcDq6wGnHyCYF/UPUkqr/eiO2DkAYRhCgyPSfcM6a41H4hPWvo/HZgZvq3+Rpd0NHHHdleWfqHlGrdt00nzFV1TCsW16VhGh0KBfSfTKhH2WywqKGL5ik7SS5pFbD/rFSqn5Toc68hrkfbTbb5WBep2JM6htsSLuJ4079EKV3tIfpF pettai@NetBSD.org
-Use your smartcard private key then ssh:ing:
+Now you can use your smartcard's private key then ssh:ing to your remote host
-
-$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
+$ ssh -I /usr/pkg/lib/opensc-pkcs11.so pettai@localhost
Enter PIN for 'pettai@NetBSD.org (User PIN)':
Last login: Fri Oct 2 15:41:21 2015 from 109.105.104.135
NetBSD 7.99.19 (GENERIC) #0: Mon Jun 22 06:11:15 UTC 2015
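Review bot: the new sentence "Now you can use your smartcard's private key then ssh:ing to your remote host" carries over the "then" typo from the line it replaces; it should read "when ssh:ing" (or "when connecting with ssh"). The heading now says "remote host" while the example right below connects to pettai@localhost, so either use a placeholder host name in the command or drop "remote" from the sentence. For the export step, "copy it to your .ssh/authorized_keys" could be read as replacing the file; "append it to" would be safer wording for readers who already have keys there.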