@kumarsandeep91
Forked from sandys/hardware_token.md
Last active April 20, 2019 07:28
Registering a hardware token

OSX - https://github.com/OpenSC/OpenSC/releases/download/0.16.0/OpenSC-0.16.0.dmg

Fedora - sudo dnf install pcsc-tools opensc ccid

Ubuntu - sudo apt install pcsc-tools opensc libccid

Note - on Ubuntu 18.04 there is a bug in OpenSC version 0.17.0 (unsupported card). Install OpenSC version 0.19.0 instead; instructions are at https://github.com/OpenSC/OpenSC/wiki/Compiling-and-Installing-on-Unix-flavors

Find out where OpenSC has installed the pkcs11 module.

For OS X with binary installation this is typically in /Library/OpenSC/lib/. Homebrew users can use export OPENSC_LIBS=$(brew --prefix opensc)/lib

pkcs15-init --erase-card should show some output.

Windows - https://github.com/OpenSC/OpenSC/releases/download/0.19.0-rc1/OpenSC-win64_vs12-Release.msi

First time init

On Windows, use "C:\Program Files\OpenSC Project\OpenSC\tools\pkcs15-init.exe"; the commands remain the same.

pkcs15-init --erase-card

**In this step you will choose a password and enter it 4 times. Please choose a strong password.**

pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "RedCarpet"

pkcs15-init --auth-id 1 --generate-key rsa/2048 --key-usage sign,decrypt --label "RedCarpet"

Listing keys

To list the keys that you created in your previous step

pkcs15-tool --list-keys

Get ssh public key of the key you created in the previous step

pkcs15-tool --read-ssh-key <key id>

The output of this command is what we add to our servers. Whenever we ask you to "send your public key", this is what you send.

ssh (after your public key has been added to servers)

Fedora - ssh -o PKCS11Provider=/usr/lib64/opensc-pkcs11.so user@gcp.red.com

Ubuntu - ssh -o PKCS11Provider=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so user@gcp.red.com

Ubuntu 18.04 - ssh -o PKCS11Provider=/usr/lib/opensc-pkcs11.so user@gcp.red.com

OSX - ssh -o PKCS11Provider=/Library/OpenSC/lib/opensc-pkcs11.so user@gcp.red.com

DB access through bastion

OSX - ssh -N -o PKCS11Provider=/Library/OpenSC/lib/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip

Ubuntu - ssh -N -o PKCS11Provider=/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip

Ubuntu 18.04 - ssh -N -o PKCS11Provider=/usr/lib/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip

Fedora - ssh -N -o PKCS11Provider=/usr/lib64/opensc-pkcs11.so -L 5432:rds.db.aws.com:5432 username@bastion-ip
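
The ssh and bastion commands above differ only in where opensc-pkcs11.so lives. The following is an added example, not part of the original gist: a shell helper that picks the module from the paths listed on this page and passes it to ssh. The function names, the ROOT test prefix, and the assumption that the Homebrew module sits directly in $OPENSC_LIBS are ours.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# Module locations exactly as listed on this page (Fedora, Ubuntu,
# Ubuntu 18.04, OS X binary install).
OPENSC_CANDIDATES="/usr/lib64/opensc-pkcs11.so
/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
/usr/lib/opensc-pkcs11.so
/Library/OpenSC/lib/opensc-pkcs11.so"

# find_opensc_module [ROOT]
# Print the first module path that exists. ROOT is a hypothetical prefix
# used only to test against a scratch directory; normally it is empty.
find_opensc_module() {
    root="${1:-}"
    # Assumption: with the Homebrew export shown above, the module sits
    # directly inside $OPENSC_LIBS.
    if [ -n "${OPENSC_LIBS:-}" ] && [ -f "$OPENSC_LIBS/opensc-pkcs11.so" ]; then
        printf '%s\n' "$OPENSC_LIBS/opensc-pkcs11.so"
        return 0
    fi
    for candidate in $OPENSC_CANDIDATES; do
        if [ -f "$root$candidate" ]; then
            printf '%s\n' "$root$candidate"
            return 0
        fi
    done
    echo "opensc-pkcs11.so not found; install OpenSC first" >&2
    return 1
}

# token_ssh ARGS...
# Run ssh with the detected module; ARGS are passed through unchanged,
# e.g. token_ssh user@gcp.red.com
#      token_ssh -N -L 5432:rds.db.aws.com:5432 username@bastion-ip
token_ssh() {
    module="$(find_opensc_module)" || return 1
    ssh -o PKCS11Provider="$module" "$@"
}
```

Source the file from your shell profile; because only fixed install paths (or your own OPENSC_LIBS) are considered, ssh never loads a module from an unexpected directory.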
