wwpass_logo

SSH smart card logon with WWPass

SSH Server requirements

It is assumed that OpenSSH is used on server side. At present, OpenSSH is the most widely deployed free SSH solution.

OpenSSH supports smart cards and certificates since version 5.5 (2010). The current version is 6.9. Main Linux distributions include the OpenSSH:

Windows: PuTTY SSH client

PuTTY is well known and one of the best SSH clients for Windows. The original PuTTY cannot access smart cards, but there are numerous PuTTY modifications which provide support for smart cards.

This document is based on puttywincrypt - modified PuTTY SSH client.

Follow the steps below to configure certificate-based SSH connection.

  1. Download BOTH PuTTY and Pageant from puttywincrypt. You may replace the original files in an existing PuTTY installation or use them separately.

  2. Prior to using modified apps, stop the original PuTTY or Pageant if they are running

  3. Start Pageant.

  4. Right-click on the Pageant icon putty in the system tray and choose "Add certificate"

  5. After the dialog listing all your certificate appears, choose any certificate from your WWPass PassKey and press OK.

  6. Right-click on Pageant icon in the system tray and choose "View keys". You will see a dialog with the key for the certificate chosen at previous step.

    pageant_key_list

  7. Double-click this key. It copies the public key to the clipboard. Close the dialog. The clipboard will contain a line with the following format:

  8. ssh-rsa AAAAB3NzaC1yc2EAAAAdfg.....jdYYnM5V/ cert://cn=your_name_here, thumbprint=e745a7b6......

  9. Paste the key from the clipboard to target server's ~/.ssh/authorized_keys. Note: this key ends with cert://cn=your_name_here,thumbprint=NNNNNNNNN
  10. Start PuTTY. Open Connection > SSH > Auth and enter the cert://cn=your_name_here,thumbprint=NNNN into the "Private key file for authentication" text box.
  11. putty_cert

  12. Roll up left pane and select "Session" item
  13. goto_session

  14. Save this connection configuration
  15. putty_save

  16. Press Open button to establish an SSH connection