Using OpenSSH with smartcards Why use OpenSSH with smart ...

More documents

Recommendations

Info

Using OpenSSH with smartcards Mac OS X 10.8 Mac OS X 10.8 (Mountain Lion) does not support PKCS#11. Mac OS X 10.7 / 10.6 Mac OS X 10.7 (Lion) and Mac OS X 10.6 (Leopard) ship with a recent versiosn of OpenSSH, which supports smartcards. If you are running Mac OS X 10.6, simply upgrade your system and skip this page Mac OS X 10.5 Mac OS X 10.5 ships with OpenSSH 5.2p1, which is outdated: $ /usr/bin/ssh -v OpenSSH_5.2p1, OpenSSL 0.9.7l 28 Sep 2006 OpenSSH 5.5p1 is available from MacPorts [3] Installing MacPorts will give you access to a vast repository of Free Software. The only drawback is that MacPorts does not provide binaries. During installation, compilation is automatic. Installing MacPorts To install MacPorts, read our MacPorts tutorial [4]. Installing OpenSSH client To install openssh client, run the following commands: $ sudo port -d selfupdate $ sudo port install openssh ---> Computing dependencies for openssh ---> Dependencies to be installed: openssl zlib xauth pkgconfig xorg-libXext xorg-libX11 xorg-bigreqsproto xorg-inputproto xorg-kbproto xorg-libXau xorg-xproto xorg-libXdmcp xorg-util-macros xorg-xcmiscproto xorg-xextproto xorg-xf86bigfontproto xorg-xtrans xorg-libXmu xorg-libXt xorg-libsm xorg-libice This will automatically compile OpenSSH and its dependencies. If you are running a slow G4 computer, buy you a beer, it can take up to several hours! Note: Mac OS X ships with OpenSSL 0.97. Installing OpenSSH recent version requires OpenSSL 0.98. MacPorts may stop and ask you to upgrade OpenSSL. Enter the command and continue installation. In the end of installation process, the installer will also ask you to start OpenSSH server: ########################################################### # A startup item has been generated that will aid in # starting openssh with launchd. It is disabled # by default. Execute the following command to start it, # and to cause it to launch at startup: # # sudo port load openssh ########################################################### Copyright GOOZE 2010-2011 http://www.gooze.eu 4 / 15
Using OpenSSH with smartcards Do not run this command, as you will continue using Mac OS X integrated OpenSSH server. Testing OpenSSH installation Please note that the legacy OpenSSH server and client from Apple is not removed. The newer version of OpenSSH is installed in /opt/local/ tree. Now the common SSH commands point to the MacPorts OpenSSH installation: $ which ssh ssh-agent ssh-add /opt/local/bin/ssh /opt/local/bin/ssh-agent /opt/local/bin/ssh-add Query ssh version: $ ssh -v OpenSSH_5.5p1, OpenSSL 0.9.8o 01 Jun 2010 usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec] [-D [bind_address:]port] [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file] [-L [bind_address:]port:host:hostport] [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port] [-R [bind_address:]port:host:hostport] [-S ctl_path] [-W host:port] [-w local_tun[:remote_tun]] [user@]hostname [command] You are running the cutting-age ssh 5.5p1, which supports smartcards. Configuring launchd to run ssh-agent on startup Now we need to make sure that ssh-agent 5.5p1 is running on startup. Open the following file: /System/Library/LaunchAgents/org.openbsd.ssh-agent.plist Replace the line: /usr/bin/ssh-agent With: /opt/local/bin/ssh-agent To lauch ssh-agent automatically, you will also need to fix credentials: $sudo chown root:wheel /opt/local/bin/ssh* Reboot Mac OS X. Copyright GOOZE 2010-2011 http://www.gooze.eu 5 / 15
Page 1 and 2: Using OpenSSH with smartcards Publi
Page 3: Using OpenSSH with smartcards You s
Page 7 and 8: Using OpenSSH with smartcards This
Page 9 and 10: Using OpenSSH with smartcards franc
Page 11 and 12: Using OpenSSH with smartcards Using
Page 13 and 14: Using OpenSSH with smartcards Altho
Page 15: Using OpenSSH with smartcards Enter

Using OpenSSH with smartcards Why use OpenSSH with smart ...

Create successful ePaper yourself

Delete template?

Save as template?