SSH smart card logon with WWPass

SSH Server requirements

It is assumed that OpenSSH is used on the server side. At present, OpenSSH is the most widely deployed free SSH solution.

OpenSSH has supported smart cards and certificates since version 5.5 (2010). The current version is 6.9. The main Linux distributions include the following OpenSSH versions:

  • Debian 7 : version 6.0
  • Debian 8 : version 6.7
  • Ubuntu 14.04 : version 6.6
  • CentOS 7 : version 6.6
  • Red Hat Enterprise Linux 7 : version 6.6

Windows: PuTTY SSH client

PuTTY is a well-known SSH client for Windows, and one of the best. The original PuTTY cannot access smart cards, but numerous modified versions of PuTTY add smart card support.

This document is based on puttywincrypt, a modified PuTTY SSH client.

Follow the steps below to configure a certificate-based SSH connection.

  1. Download BOTH PuTTY and Pageant from puttywincrypt. You may replace the original files in an existing PuTTY installation or use them separately.

  2. Before using the modified applications, stop the original PuTTY or Pageant if they are running.

  3. Start Pageant.

  4. Right-click the Pageant icon in the system tray and choose "Add certificate".

  5. After the dialog listing all your certificates appears, choose any certificate from your WWPass Key and press OK.

  6. Right-click the Pageant icon in the system tray and choose "View keys". You will see a dialog with the key for the certificate chosen in the previous step.

  7. Double-click this key. It copies the public key to the clipboard. Close the dialog. The clipboard will contain a line with the following format:

    ssh-rsa AAAAB3NzaC1yc2EAAAAdfg.....jdYYnM5V/ cert://cn=your_name_here, thumbprint=e745a7b6......

  8. Paste the key from the clipboard into the target server's ~/.ssh/authorized_keys file.

    Note: this key ends with cert://cn=your_name_here,thumbprint=NNNNNNNNN

  9. Start PuTTY. Open Connection > SSH > Auth and enter cert://cn=your_name_here,thumbprint=NNNN in the "Private key file for authentication" text box.

  10. Scroll up in the left pane and select the "Session" item.

  11. Save this connection configuration.

  12. Press the Open button to establish an SSH connection.
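
Added example, not part of the original page or the puttywincrypt project: a check to run on the line copied in step 7 before it goes into ~/.ssh/authorized_keys in step 8. It confirms that the line is one intact ssh-rsa entry with the cert:// comment (a cut or wrapped paste is rejected) and reports the modulus size and the SHA256 fingerprint in the form newer ssh-keygen versions print. The function names, the 2048-bit minimum and the sample line are assumptions of this example.

```python
import base64
import hashlib
import struct

def _read_string(buf, off):
    """Read one SSH wire-format string (uint32 length, then bytes)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (size,) = struct.unpack(">I", buf[off:off + 4])
    end = off + 4 + size
    if end > len(buf):
        raise ValueError("truncated field: line was cut or wrapped")
    return buf[off + 4:end], end

def check_pageant_line(line, min_bits=2048):
    """Validate 'ssh-rsa <base64> cert://...'; return (bits, fingerprint, comment)."""
    parts = line.strip().split(None, 2)
    if len(parts) != 3:
        raise ValueError("expected key type, base64 blob and comment on one line")
    key_type, b64, comment = parts
    if key_type != "ssh-rsa":
        raise ValueError("unexpected key type: " + key_type)
    if not comment.startswith("cert://"):
        raise ValueError("comment is not a cert:// reference")
    blob = base64.b64decode(b64, validate=True)  # raises ValueError on bad base64
    name, off = _read_string(blob, 0)
    _exponent, off = _read_string(blob, off)
    modulus, off = _read_string(blob, off)
    if name != b"ssh-rsa" or off != len(blob):
        raise ValueError("blob does not match the declared key type")
    bits = int.from_bytes(modulus, "big").bit_length()
    if bits < min_bits:  # min_bits is this example's policy choice (assumption)
        raise ValueError("RSA modulus too short: %d bits" % bits)
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return bits, fingerprint, comment

def make_sample_line(bits=2048):
    """Constructed sample: a well-formed blob, NOT a usable RSA key."""
    def wire(b):
        return struct.pack(">I", len(b)) + b
    modulus = b"\x00" + ((1 << (bits - 1)) | 1).to_bytes(bits // 8, "big")
    blob = wire(b"ssh-rsa") + wire(b"\x01\x00\x01") + wire(modulus)
    return ("ssh-rsa " + base64.b64encode(blob).decode()
            + " cert://cn=your_name_here,thumbprint=NNNN")

if __name__ == "__main__":
    print(check_pageant_line(make_sample_line()))
```

Compare the reported fingerprint with the one shown for the same key on the client side before trusting the entry.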