cod3fr3ak
May 9th, 2005, 08:46
I was wondering if I could get some suggestions concerning a project I am trying to get up and running here at work. Basically I want to use smart cards for remote ssh authentication and access. in particular I am using DoD CAC cards. However just getting my ssh client (windows) to read my smart card and pass the authentication data to the ssh server. It can be certificate based or some other method. Any help would be appreciated.

Strog
May 9th, 2005, 09:33
I've looked at this a couple times but the application fell through for it at work so I never took it too much further than that. What I did find is that it probably would make it a lot easier to handle with a ssh agent instead of the ssh client itself. I've seen some discussions of adding it to Pagent (putty's agent) and there are supposed to be some patches out there for it.

There's theOpenSC (http://www.opensc.org/) project but the Windows side is incomplete so far. A quick googling turned up a commercial ssh agent (http://www.securenetterm.com/html/securekeyagent.html) and I'm sure there's more out there that might suit your needs.

I'd be interested to hear how this works out for you. Keep us posted. :wink:

cod3fr3ak
May 11th, 2005, 07:45
Thanks for theinfo I'll try to keep this thread updated.
I've been toying with somehow using LDAP with SASL to accomplish this but i don't know enough about LDAP. But i think it handles GSSAPI, and my ssh client has "some" deprecated GSSAPI support (SecureCRT, from VanDyke).