Combine PKCS11 (SuisseID) and SSH
It would be nice to secure an SSH login with a PKCS#11 hardware token, such as SuisseID.
If you have got your SuisseID on an USB-Stick and installed the Linux Post SuisseID Software, it is extremly simple:
Activate the PKCS#11 library:
ssh-add -s /usr/lib/libcvP11.so
Exchange public PKCS#11 key with server:
Then you can ssh-login to host remote.server.url with your SuisseID.
user@host1:~$ ssh-add -s /usr/lib/libcvP11.so Enter passphrase for PKCS#11: Card added: /usr/lib/libcvP11.so user@host1:~$ ssh-copy-id host2 user@host2's password: Now try logging into the machine, with "ssh 'host2'", and check in: ~/.ssh/authorized_keys to make sure we haven't added extra keys that you weren't expecting. user@host1:~$ ssh host2 user@host2:~$