On 5/11/2011 4:08 PM, Technical Support wrote:
Steve One of our Army clients (USAMITC) is asking if we know of any Unix based SSH client and or server which will support CAC certificate based authentication other then Tectia. Are you aware of any?
Have a look at the OpenSC page. http://www.opensc-project.org/opensc/wiki/OpenSSH This combined with the OpenSC opensc-pkcs11.so and the PIV card driver should work. Ubuntu Maverick will have ssh-pkcs11-helper: http://manpages.ubuntu.com/manpages/maverick/man8/ssh-pkcs11-helper.8.html The OpenSC opensc-pkcs11.so can be used with the ssh_add -s RedHat may have something too, using the Mozilla NSS. http://ryandlane.com/blog/2008/12/08/using-nss-with-openssh-for-smart-card-login/ The Mozilla "Security devices" are pkcs11 shared libs, so the opensc-pkcs11.so could be used here. (I have not tried any of these with SSH but do use PIV with Thunderbird, Firefox via the Security device.) http://www.opensc-project.org/opensc/wiki/UnitedStatesPIV
Ken InterSoft International, Inc. Voice:888-823-1541 Fax:866-701-1260 or 888-823-1542 [email protected] http://www.securenetterm.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
-- Douglas E. Engert <[email protected]> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
