Using the FellowshipCard for ssh login to a remote system (here: remote.host) under openSUSE
This has been tested with openSUSE 13.1 running the KDE4 desktop.
Check the presence of an authentication key on the card
$ gpg --card-status
The output of this command should include a line similar to this:
Authentication key: 11AB 0A37 6FF8 83D6 42B9 8A15 5F25 3E41 A065 FC87
created ....: 2014-10-01 08:07:43
If not, create such a key.
Check your ssh setup
This should start ssh and ask for a password.
Verify that the file .gnupg/gpg-agent.conf exists and that it contains the line enable-ssh-support
$ cat .gnupg/gpg-agent.conf
enable-ssh-support
openSUSE usually starts both ssh-agent and gpg-agent, which is unnecessary and causes problems. As gpg-agent is a replacement for ssh-agent, the latter has to be disabled.
As root, edit /etc/X11/xdm/sys.xsession and disable ssh-agent by commenting out the usessh line. The file should look like this:
#
# sys.xsession: Login for an X session, will be executed
# by the Xsession script of the xdm with
# the help of the login shell of the user.
#
#
# If ssh is configured and ssh-agent is wanted set "yes"
#
#usessh=yes
#
# If gpg is configured and gpg-agent is wanted set "yes"
#
usegpg=yes
[...]
Then log off and log in again to start a new X11 session.
Use the command ssh-add -L to list the public part of your authentication key:
$ ssh-add -L
ssh-rsa AAAAB3NzaC1yc2EAAAADzH+OGdUvxYIkYqPuk6OuL4gmxuFP5Tn5x PWlMKubqSjXf9C/uXKEee5akPgqMA6T5GGUHwy3VM9rHWaBt2iwYtJR2v0ols 4gp3B+iYyNLvY6PaGwShNc16tnTMiJWn cardno:0005000011FD
Copy the output of ssh-add -L to the remote host and add it to the file .ssh/authorized_keys on said remote host.
firstname.lastname@example.org:~>$ cat .ssh/authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADzH+OGdUvxYIkYqPuk6OuL4gmxuFP5Tn5x PWlMKubqSjXf9C/uXKEee5akPgqMA6T5GGUHwy3VM9rHWaBt2iwYtJR2v0ols 4gp3B+iYyNLvY6PaGwShNc16tnTMiJWn cardno:0005000011FD
Now you can log on via ssh: type ssh email@example.com, and you will be asked for your FellowshipCard PIN.
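
The checks from the steps above collected into one script, as an added example that is not part of the original instructions. The function names and the file name preflight.sh are hypothetical; install_key is meant to be run on the remote host with the single line printed by ssh-add -L.

```shell
#!/bin/sh
# Added example: preflight checks for the card-based ssh login set-up.

# gpg-agent.conf must carry an uncommented enable-ssh-support line.
agent_conf_ok() {
    grep -Eq '^[[:space:]]*enable-ssh-support[[:space:]]*$' "$1"
}

# sys.xsession: usessh must not be active and usegpg must be "yes".
xsession_ok() {
    if grep -Eq '^[[:space:]]*usessh="?yes"?' "$1"; then return 1; fi
    grep -Eq '^[[:space:]]*usegpg="?yes"?' "$1"
}

# Filter `ssh-add -L` output (stdin) down to keys that live on a card;
# gpg-agent labels them with a "cardno:<serial>" comment.
card_keys() {
    awk '$3 ~ /^cardno:/'
}

# Append one public key to an authorized_keys file, only once.
install_key() {
    key=$1; file=$2
    # Reject empty input and wrapped pastes: an entry must be one line.
    [ -n "$key" ] && [ "$(printf '%s\n' "$key" | grep -c '')" = 1 ] || return 2
    touch "$file" && chmod 600 "$file"   # sshd StrictModes checks modes
    grep -qxF -- "$key" "$file" || printf '%s\n' "$key" >> "$file"
}

# Check the live system only on request: sh preflight.sh --check
if [ "${1:-}" = "--check" ]; then
    agent_conf_ok "$HOME/.gnupg/gpg-agent.conf" ||
        echo "enable-ssh-support missing from gpg-agent.conf"
    xsession_ok /etc/X11/xdm/sys.xsession ||
        echo "sys.xsession: ssh-agent still enabled or gpg-agent disabled"
    # Assumption: the gpg-agent ssh socket path contains "gpg-agent".
    case "${SSH_AUTH_SOCK:-}" in
        *gpg-agent*) ;;
        *) echo "SSH_AUTH_SOCK is not a gpg-agent socket: ${SSH_AUTH_SOCK:-unset}" ;;
    esac
    ssh-add -L 2>/dev/null | card_keys | grep -q . ||
        echo "agent offers no card key (card inserted?)"
fi
```

If SSH_AUTH_SOCK still points at an ssh-agent socket after logging in again, the old agent is still being started and the card key will not be offered to ssh.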