TechDocs/CardHowtos/SshOpenSuse

Using the FellowshipCard for ssh login to a remote system (here: remote.host under OpenSUSE

This has been tested with openSuse 13.1 running KDE4 desktop

Verify setup

enabling gpg-agent

OpenSUSE usually starts both ssh-agent and gpg-agent which is unnecessary and causes problems. As gpg-agent is a replacement for ssh-agent, the later has to be disabled.

As root edit /etc/X11/xdm/sys.xsession and disable ssh-agent by commenting out the usessh line. The file should look like this:

#
# sys.xsession: Login for an X session, will be executed
#               by the Xsession script of the xdm with
#               the help of the login shell of the user.
#

#
# If ssh is configured and ssh-agent is wanted set "yes"
#
#usessh=yes

#
# If gpg is configured and gpg-agent is wanted set "yes"
#
usegpg=yes
 [...]

Then log off and log in again in order to start a new X11-Session.

using ssh

use the command ssh-add -L to list the public part of your authentication key

$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADzH+OGdUvxYIkYqPuk6OuL4gmxuFP5Tn5x
PWlMKubqSjXf9C/uXKEee5akPgqMA6T5GGUHwy3VM9rHWaBt2iwYtJR2v0ols
4gp3B+iYyNLvY6PaGwShNc16tnTMiJWn cardno:0005000011FD

Copy the output of ssh-add -L to the remote host and add it to the file .ssh/authorized_keys on said remote host.

user@remote.host:~>$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADzH+OGdUvxYIkYqPuk6OuL4gmxuFP5Tn5x
PWlMKubqSjXf9C/uXKEee5akPgqMA6T5GGUHwy3VM9rHWaBt2iwYtJR2v0ols
4gp3B+iYyNLvY6PaGwShNc16tnTMiJWn cardno:0005000011FD

Now you can log-on via ssh, type ssh user@remote.host, and you will be asked for your FellowshipCard-PIN


Category/HowTo

TechDocs/CardHowtos/SshOpenSuse (last edited 2016-05-07 17:19:28 by jzarl)