I use a YubiKey for my SSH authentication, but I have other SSH keys for my remote services, so I wanted something that allows me to take a backup of my keys. See this post for more information on how to back up/restore a SmartCard-HSM.
Create your first ssh keypair
Verify your smartcard connection
Insert your smartcard and verify the connection; see my previous post if you need more information about the smartcard initialization.
Create your keypair
Create your SSH key pair and give it a meaningful label.
Extract your public key
We used PKCS11 to generate the keypair; PKCS15 is designed to identify users to applications.
Dump the token content
Dump the token content to get the id of your ssh keypair.
Get the public key
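An added example (not the original post's code) for the two steps above: it picks the private key's ID out of a `pkcs15-tool --dump` listing by label and passes it to `pkcs15-tool --read-ssh-key`. The dump text, labels and IDs are constructed, the listing layout is assumed from OpenSC's usual output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: map a key label to its PKCS#15 object ID, then export the
# matching public key in OpenSSH format.

# CONSTRUCTED sample of `pkcs15-tool --dump` output. Labels and IDs are made
# up; the "Type [label]" header plus indented "ID : hex" layout is assumed.
SAMPLE_DUMP='Private RSA Key [ssh-backup]
    Object Flags   : [0x03], private, modifiable
    Usage          : [0x2E], decrypt, sign, signRecover, unwrap
    Key ref        : 1 (0x01)
    Auth ID        : 01
    ID             : 0a1b2c3d

Private RSA Key [ssh-git]
    Object Flags   : [0x03], private, modifiable
    Key ref        : 2 (0x02)
    Auth ID        : 01
    ID             : 4e5f6071

X.509 Certificate [ssh-git]
    Object Flags   : [0x00]
    ID             : ffffffff'

# key_id_for_label LABEL: read a dump on stdin and print the ID of the private
# key with exactly that label. Fails when zero or several keys match, so a
# reused label never silently selects the wrong key.
key_id_for_label() {
    awk -v want="$1" '
        /^[^ \t]/ {                       # unindented line = new object
            in_key = 0
            if ($0 ~ /^Private .* Key \[/) {
                label = substr($0, index($0, "[") + 1)
                sub(/\][ \t]*$/, "", label)
                in_key = (label == want)
            }
            next
        }
        in_key && $1 == "ID" && $2 == ":" { id = $3; found++; in_key = 0 }
        END { if (found == 1) { print id; exit 0 }; exit 1 }
    '
}

# export_ssh_pubkey LABEL: needs OpenSC installed and the token connected.
export_ssh_pubkey() {
    id=$(pkcs15-tool --dump | key_id_for_label "$1") || {
        echo "no unique private key labelled '$1'" >&2; return 1; }
    pkcs15-tool --read-ssh-key "$id"
}

# Offline demo on the constructed sample.
printf '%s\n' "$SAMPLE_DUMP" | key_id_for_label ssh-git
```

With a token connected, `export_ssh_pubkey ssh-git` prints the line to append to the remote host's `authorized_keys`.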
Configure the remote host
Add the key to the remote host
Test the connection
Test your SSH connection with the PKCS11 interface:
With the PKCS11 interface enabled:
Update your ssh_config
Add PKCS11Provider opensc-pkcs11.so to your ~/.ssh/config or your global ssh_config
Have fun …