OSX - https://github.com/OpenSC/OpenSC/releases/download/0.16.0/OpenSC-0.16.0.dmg
Fedora - sudo dnf install pcsc-tools opensc ccid
ubuntu - sudo dnf install pcsc-tools opensc libccid
Note - for ubuntu 18.04
there is bug in opensc version 0.17.0
(unsupported card). install opensc version 0.19.0
. intsructions are https://github.com/OpenSC/OpenSC/wiki/Compiling-and-Installing-on-Unix-flavors
Find out where OpenSC has installed the pkcs11 module.
For OS X with binary installation this is typically in
/Library/OpenSC/lib/. Homebrew users can use export OPENSC_LIBS=$(brew --prefix opensc)/lib
pkcs15-init --erase-card
should show some output.
Windows - https://github.com/OpenSC/OpenSC/releases/download/0.19.0-rc1/OpenSC-win64_vs12-Release.msi
In windows, use "C:\Program Files\OpenSC Project\OpenSC\tools\pkcs15-init.exe"
commands remain the same
pkcs15-init --erase-card
** In this step you will choose a password and enter it 4 times. Please choose a strong password**
pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "RedCarpet"
pkcs15-init --auth-id 1 --generate-key rsa/2048 --key-usage sign,decrypt --label "RedCarpet"
To list the keys that you created in your previous step
pkcs15-tool --list-keys
pkcs15-tool --read-ssh-key <key id>
This key id is something we add to our servers. Whenever we ask you to "send your public key". This is what you send.
Fedora - ssh -o PKCS11Provider=/usr/lib64/opensc-pkcs11.so user@gcp.red.com
Ubuntu - ssh -o PKCS11Provider=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so user@gcp.red.com
Ubuntu 18.04 - ssh -o PKCS11Provider=/usr/lib/opensc-pkcs11.so user@gcp.red.com
OSX - ssh -o PKCS11Provider=/Library/OpenSC/lib/opensc-pkcs11.so user@gcp.red.com
#OSX
ssh -N -o PKCS11Provider=/Library/OpenSC/lib/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip
#Ubuntu
ssh -N -o PKCS11Provider=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip
#Ubuntu 18.04
ssh -N -o PKCS11Provider=/usr/lib/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip
#fedora
ssh -N -o PKCS11Provider=/usr/lib64/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip