[Freeipa-devel] OpenSSH with PKCS#11 for key storage

Petr Spacek pspacek at redhat.com
Wed Feb 19 18:49:15 UTC 2014


Hello list,

I just came across this page:
http://www.gooze.eu/howto/using-openssh-with-smartcards/using-ssh-authentication-agent-ssh-add-with-smartcards

If I understand correctly, it allows you to store & use your personal SSH keys
via the PKCS#11 interface.

It sounds like a killer feature to me!

Imagine that you can log in to any machine in an IPA realm and you will have all
your SSH keys with you, without any extra work.

This extends seamless SSO outside the enterprise (we have Kerberos for inside, 
this doesn't change that).

Petr^2 Spacek

P.S. It is natively supported in OpenSSH v5.4p1 - we have PKCS#11 support in 
Fedora 20 already.



