Keith Henrickson <[EMAIL PROTECTED]> writes:

> I use SSH all the time to access a couple of secure systems that are
> accessible ONLY by SSH, and so I would find an SSH client that had
> been modified to fit on a smartcard to be very useful.
>

As far as I understand it, the ssh client is *not* modified. Instead, the ISO7xxx filesystem on the card is mounted into the standard directory tree (say, under /var/smartcard), with a link from your ~home/.ssh/identity to /var/smartcard. ssh then accesses information on the smartcard transparently, with an independent PIN-entry "popup" on the controlling tty.

This means your ssh key is not stored on the usual filesystem (and is not cached, either), but root can still steal it by reading from the smartcard or by patching the userspace daemon that asks for your passphrase. You can't have the RSA calculation done on the smartcard, either (thus preventing your key from leaving the card).

Regards,
--
Jan Iven
Rechenzentrum, Universitaet des Saarlandes
Tel. ++49 +681 302-3623
Fax. ++49 +681 302-4462

***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************