turnkey/openpgp-card
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Adjust opgpcard ssh output

Browse source
This commit is contained in:
Heiko Schaefer 2022-03-18 15:03:20 +01:00
parent f24bcfa8f8
commit 2f32583fd1
No known key found for this signature in database
GPG key ID: 4A849A1904CCBD7D
3 changed files with 13 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
tools/README.md
View file

@ -67,6 +67,14 @@ algorithms of the card, if the card returns that list):
$ opgpcard status -c ABCD:01234567 -v $ opgpcard status -c ABCD:01234567 -v
``` ```
### Using a card for ssh auth
To use an OpenPGP card for ssh login, an authentication key needs to exist on the card.
To allow login, the ssh public key representation of the authentications key needs to be added to
`.ssh/authorized_keys` on the remote machine. `opgpcard ssh` shows the ssh public key string for the authentication
key on the card.
### Import keys ### Import keys
Import private key onto a card. This works if at most one (sub)key per role ( Import private key onto a card. This works if at most one (sub)key per role (

4
tools/src/bin/opgpcard/main.rs
View file

@ -332,14 +332,14 @@ fn print_ssh(ident: Option<String>) -> Result<()> {
println!(); println!();
if let Some(fp) = fps.authentication() { if let Some(fp) = fps.authentication() {
println!("Authentication subkey fingerprint:\n{}", fp); println!("Authentication key fingerprint:\n{}", fp);
} }
// Show authentication subkey as openssh public key string // Show authentication subkey as openssh public key string
if let Ok(pkm) = open.public_key(KeyType::Authentication) { if let Ok(pkm) = open.public_key(KeyType::Authentication) {
if let Ok(ssh) = util::get_ssh_pubkey_string(&pkm, ident) { if let Ok(ssh) = util::get_ssh_pubkey_string(&pkm, ident) {
println!(); println!();
println!("Authentication subkey as ssh public key:\n{}", ssh); println!("Authentication key as ssh public key:\n{}", ssh);
} }
} }

6
tools/src/bin/opgpcard/util.rs
View file

@ -95,7 +95,7 @@ pub(crate) fn open_or_stdout(f: Option<&Path>) -> Result<Box<dyn std::io::Write
} }
fn get_ssh_pubkey(pkm: &PublicKeyMaterial, ident: String) -> Result<sshkeys::PublicKey> { fn get_ssh_pubkey(pkm: &PublicKeyMaterial, ident: String) -> Result<sshkeys::PublicKey> {
let cardno = format!("cardno:{}", ident); let cardname = format!("opgpcard:{}", ident);
let (key_type, kind) = match pkm { let (key_type, kind) = match pkm {
PublicKeyMaterial::R(rsa) => { PublicKeyMaterial::R(rsa) => {
@ -159,7 +159,7 @@ fn get_ssh_pubkey(pkm: &PublicKeyMaterial, ident: String) -> Result<sshkeys::Pub
let pk = sshkeys::PublicKey { let pk = sshkeys::PublicKey {
key_type, key_type,
comment: Some(cardno), comment: Some(cardname),
kind, kind,
}; };
@ -167,7 +167,7 @@ fn get_ssh_pubkey(pkm: &PublicKeyMaterial, ident: String) -> Result<sshkeys::Pub
} }
/// Return a String representation of an ssh public key, in a form like: /// Return a String representation of an ssh public key, in a form like:
/// "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuTuxILMTvzTIRvaRqqUM3aRDoEBgz/JAoWKsD1ECxy cardno:FFFE:43194240" /// "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAuTuxILMTvzTIRvaRqqUM3aRDoEBgz/JAoWKsD1ECxy opgpcard:FFFE:43194240"
pub(crate) fn get_ssh_pubkey_string(pkm: &PublicKeyMaterial, ident: String) -> Result<String> { pub(crate) fn get_ssh_pubkey_string(pkm: &PublicKeyMaterial, ident: String) -> Result<String> {
let pk = get_ssh_pubkey(pkm, ident)?; let pk = get_ssh_pubkey(pkm, ident)?;