by closeparen 2178 days ago
OpenSSH doesn't do X.509, how would PIV mode or a smartcard help?
2 comments

YubiKeys work in PIV mode with OpenSSH; it just requires the necessary module and some invocation dance with ssh-agent https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PK... or Filippo Valsorda's yubikey-agent https://github.com/FiloSottile/yubikey-agent
What invocation dance?

This works:

"ssh -oPKCS11Provider=/path/to/opensc-pkcs11.so user@host.com"

Or you place that in your ~/.ssh/config:

  Host *
    PKCS11Provider /path/to/opensc-pkcs11.so
Another guide that doesn't even require Yubico's PKCS11 module: https://ruimarinho.gitbooks.io/yubikey-handbook/content/ssh/...