Marc Wäckerlin
For a libertarian society

Combine PKCS11 (SuisseID) and SSH

August 10, 2012

It would be nice to secure an SSH login with a PKCS#11 hardware token, such as SuisseID.

If you have your SuisseID on a USB stick and have installed the Linux Post SuisseID Software, it is extremely simple:

  1. Activate the PKCS#11 library:
    ssh-add -s /usr/lib/
  2. Exchange public PKCS#11 key with server:
    ssh-copy-id remote.server.url

Then you can ssh-login to host remote.server.url with your SuisseID.

user@host1:~$ ssh-add -s /usr/lib/ 
Enter passphrase for PKCS#11: 
Card added: /usr/lib/
user@host1:~$ ssh-copy-id host2
user@host2's password: 
Now try logging into the machine, with "ssh 'host2'", and check in:
to make sure we haven't added extra keys that you weren't expecting.
user@host1:~$ ssh host2
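
Without -i, ssh-copy-id installs every key that ssh-add -L lists, not only the token's, which is what its closing message warns about. The following check is an added example, not part of the original post: it compares a server's authorized_keys with the public keys exported from the token. The function name, file names, sample key blobs and library path are assumptions or placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): list authorized_keys entries
# whose key is NOT among the public keys exported from the token.
# Real use (the library path is a placeholder, fill in your own):
#   ssh-keygen -D /path/to/pkcs11-library.so > token.pub
#   unexpected_keys token.pub ~/.ssh/authorized_keys   # on the server
unexpected_keys() {
    awk -v expected="$1" '
        # Return "TYPE BLOB" for a public-key line, "" for blanks and comments.
        # Skips a leading options field; options containing quoted spaces
        # followed by a key-type word are not handled (assumption).
        function keyof(line,    f, n, i) {
            sub(/^[ \t]+/, "", line)
            if (line == "" || line ~ /^#/) return ""
            n = split(line, f, /[ \t]+/)
            for (i = 1; i < n; i++)
                if (f[i] ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+|sk-[a-z0-9@.-]+)$/)
                    return f[i] " " f[i + 1]
            return ""
        }
        BEGIN {
            # Load the expected (token) keys; comments in that file are ignored.
            while ((getline line < expected) > 0)
                if ((k = keyof(line)) != "") ok[k] = 1
        }
        {
            k = keyof($0)
            if (k != "" && !(k in ok)) print "line " FNR ": " k
        }' "$2"
}

# Constructed sample data (the key blobs are fake placeholders, not real keys).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'ssh-rsa AAAAconstructedTOKENkey token' > "$dir/token.pub"
    printf '%s\n' \
        '# constructed authorized_keys' \
        'ssh-rsa AAAAconstructedTOKENkey token' \
        'no-pty ssh-ed25519 AAAAconstructedOTHERkey user@host1' \
        > "$dir/authorized_keys"
    unexpected_keys "$dir/token.pub" "$dir/authorized_keys"
    rm -rf "$dir"
}
demo   # prints: line 3: ssh-ed25519 AAAAconstructedOTHERkey
```

Any line it reports is a key that can log in to the account but does not live on the token.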
