Всё, что относится к конфигам ssh:
$ cat .ssh/config
# ssh_config uses the first value it obtains for each option, so this
# leading "Host *" block applies to every host below.
# IdentitiesOnly yes: offer only identities configured here or on the
# command line, not every key the agent happens to hold.
Host *
IdentitiesOnly yes
Host bla
HostName bla-bla.ru
# RSAAuthentication yes
IdentityFile ~/.ssh/id_rsa
User d.klester
Host nav
# NOTE(review): the address looks masked by the author; a real entry needs
# a concrete host name or IP here.
HostName *.*.*.*
# SmartcardDevice is the older spelling of PKCS11Provider: the PKCS#11
# module ssh loads to reach keys on the hardware token.
SmartcardDevice /usr/lib/librtpkcs11ecp.so
# Connection multiplexing: the first session becomes the master and later
# sessions to the same host/port/user (%h/%p/%r) reuse its control socket.
ControlMaster auto
# NOTE(review): /tmp is world-writable. ssh_config(5) recommends keeping
# the control socket in a directory other users cannot write to, e.g. a
# path under ~/.ssh.
ControlPath /tmp/ssh_mux_%h_%p_%r
# The master stays in the background for up to 1h after the last session
# closes. While it lives, new sessions reuse the authenticated connection
# without a fresh token/PIN check, so keep this short for token-protected
# hosts.
ControlPersist 1h
# Probe the server after 60s of silence; drop the connection after 5
# unanswered probes.
ServerAliveInterval 60
ServerAliveCountMax 5
$ cat .bash.d/ssh_agent.sh
# SSH Agent
# Path of the file that caches ssh-agent's environment output: agent_start
# writes it and agent_load_env sources it as shell code. The variable is
# unset again at the end of this script.
env=~/.ssh/agent.env
# Report whether an agent answers on $SSH_AUTH_SOCK.
# Returns: 0 if ssh-add -l exits 0 or 1, otherwise 1 (also when
#          SSH_AUTH_SOCK is empty or unset).
agent_is_running() {
  # Without a socket path there is nothing to query.
  [ "$SSH_AUTH_SOCK" ] || return 1

  ssh-add -l >/dev/null 2>&1
  # ssh-add -l exit status:
  #   0 = agent running, has keys
  #   1 = agent running, no keys
  #   2 = agent not running
  case $? in
    0 | 1) return 0 ;;
    *) return 1 ;;
  esac
}
# Succeeds only when ssh-add -l exits 0, i.e. the agent answered and listed
# at least one identity. All ssh-add output is discarded.
agent_has_keys() {
  ssh-add -l >/dev/null 2>/dev/null
}
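# Load the cached agent environment and expose the agent through the stable
# path ~/.ssh/ssh_auth_sock, a symlink to the agent's real socket.
# Globals:  env (read) - file holding ssh-agent's environment output
#           SSH_AUTH_SOCK (written, exported) - always set to the symlink
# Returns:  status of the final export
agent_load_env() {
  local link
  link=~/.ssh/ssh_auth_sock

  # "$env" is executed as shell code, so it must stay writable only by its
  # owner. agent_start creates it under umask 077, but a pre-existing file
  # keeps whatever mode it already had.
  # Skipping a missing file avoids the "No such file" noise on first login.
  if [ -r "$env" ]; then
    . "$env" >/dev/null

    # Re-point the link on every load. Checking only "is the link already a
    # socket" would keep a link to the leftover socket file of a dead agent
    # and hide the agent that was just started.
    # The second test prevents a self-referencing link when "$env" did not
    # set SSH_AUTH_SOCK and it still holds the link path from an earlier call.
    if [ -n "$SSH_AUTH_SOCK" ] && [ "$SSH_AUTH_SOCK" != "$link" ]; then
      ln -sf "$SSH_AUTH_SOCK" "$link"
    fi
  fi

  export SSH_AUTH_SOCK="$link"
}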
# Start a new ssh-agent, cache its environment output in "$env", then load
# that environment into the current shell via agent_load_env.
agent_start() {
  (
    # The subshell keeps the restrictive umask local: a newly created env
    # file is readable and writable by its owner only.
    umask 077
    ssh-agent >"$env"
  )
  agent_load_env
}
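# Add every private key named ~/.ssh/id_rsa* to the running agent.
# Files whose name contains ".pub" are skipped. Keys stored under other
# names are not picked up; add them with an explicit ssh-add call.
# Returns: status of the last ssh-add, or 0 when no candidate file exists.
add_all_keys() {
  local key

  # Glob instead of parsing ls output: names with spaces stay intact, and
  # the pattern can no longer be expanded against the current directory.
  for key in ~/.ssh/id_rsa*; do
    # An unmatched glob stays literal; directories are not keys either.
    [ -f "$key" ] || continue
    case "${key##*/}" in
      *.pub*) continue ;;
    esac
    # NOTE(review): keys are added without a lifetime or confirmation and
    # stay usable for as long as the agent runs; ssh-add -t / -c limit that.
    ssh-add "$key"
  done
}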
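# Startup sequence: reuse an agent when one is reachable, otherwise start
# one, then make sure keys are loaded.

# The inherited SSH_AUTH_SOCK may be missing or dead; try the cached one.
if ! agent_is_running; then
  agent_load_env
fi

if ! agent_is_running; then
  # Nothing reachable even with the cached environment: start a new agent.
  agent_start
  add_all_keys
elif ! agent_has_keys; then
  add_all_keys
fi

# Count keys only when ssh-add -l succeeds. With an empty agent it prints a
# one-line "no identities" message, which wc -l would report as one key.
if agent_has_keys; then
  key_count=$(ssh-add -l | wc -l)
else
  key_count=0
fi
# The arithmetic expansion strips the padding some wc implementations add.
echo "$((key_count)) SSH keys registered."

# This file is sourced into the interactive shell; leave no helper
# variables behind.
unset env key_count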
Далее:
$ pkcs11-tool --module /usr/lib/librtpkcs11ecp.so -O
Using slot 0 with a present token (0x0)
Public Key Object; RSA 2048 bits
label: RSA 2048
ID: 01
Usage: encrypt, verify, wrap
Certificate Object; type = X.509 cert
label: RSA 2048
subject: DN: C=RU, ST=Omskaya obl., L=Omsk, O=OmskIT, OU=Admin, CN=Denis Klester/emailAddress=info@omskit.ru
ID: 01
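Но при подключении аутентификация не проходит (по спецификации PKCS#11 код 164 = 0xA4 соответствует CKR_PIN_LOCKED, то есть PIN-код токена заблокирован):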
$ ssh nav
Enter PIN for '***':
C_Login failed: 164
sign_and_send_pubkey: signing failed: error in libcrypto
username@*.*.*.*: Permission denied (publickey).