Go to main content

Managing Authentication in Oracle^® Solaris 11.4

Exit Print View

» ...Documentation Home » Oracle Solaris 11.4 Information Library » Managing Authentication in ... » Using Smart Cards for Multifactor ... » Using a Smart Card in Oracle Solaris » How to Log In Remotely by Using ssh With Smart ...

Updated: November 2020

Managing Authentication in Oracle^® Solaris 11.4

Document Information

Using This Documentation

Chapter 1 Using Pluggable Authentication Modules

Chapter 2 Using Simple Authentication and Security Layer

Chapter 3 Using Smart Cards for Multifactor Authentication in Oracle Solaris

Two-Factor Authentication and Smart Cards

About Two-Factor Authentication

Implementation of Two-Factor Authentication in Oracle Solaris

Configuring an Oracle Solaris System for Smart Card Login

Main Smart Card Configuration Tasks

Installing Smart Card Packages

Using pcsclite for Smart Cards

Configuring libccid for Smart Card Readers

Configuring a Desktop for Users With Smart Cards

Configuring OCSP Certificates for Smart Cards

Configuring PAM for Smart Cards

Configuring Secure Shell Clients for Smart Cards

Enabling an Oracle Solaris System for Smart Card Login

How to Enable Smart Card Authentication

Enabling Your Web Browser and Email to Use Your Smart Card

How to Download Smart Card Certificates for Web and Email Use

How to Configure Firefox to Use Your Smart Card for Authentication

How to Configure Thunderbird to Use Your Smart Card for Signing and Encrypting Emails

Using a Smart Card in Oracle Solaris

How to Log In From a Local Console With Smart Card Authentication

How to Log In as a Role With Smart Card Authentication

How to Log In Remotely by Using ssh With Smart Card Authentication

How to Use a Smart Card to ssh to a Remote GNOME Desktop

How to Use a Smart Card to Log In to Your Local GNOME Desktop

How to Authenticate With a Smart Card on a Screensaver

Chapter 4 Using One-Time Passwords for Multifactor Authentication in Oracle Solaris

Chapter 5 Using Secure RPC on Oracle Solaris

Authentication Services Glossary

Language:

How to Log In Remotely by Using `ssh` With Smart Card Authentication

Before You Begin

You have a Secure Shell server that is configured for smart cards. You have inserted a smart card into the CCID-compliant smart card reader that is attached to a PC or workstation.

Open a terminal window.
Use ssh to reach the remote server.
- If you are connecting from an Oracle Solaris Secure Shell client to an Oracle Solaris Secure Shell server, type the following command:
```
$ ssh username@SSH-server
```
- If either the Secure Shell client or server are not Oracle Solaris, provide the full path to the PKCS #11 library.
  Confirm with your administrator which cryptographic module to use.
```
$ ssh -I /usr/lib/libcackey.so username@SSH-server
$ ssh -I /usr/lib/libcoolkeypk11.so username@SSH-server
```
The terminal displays the progress of smart card authentication.
```
Smartcard authentication starts
Smart card found.
Welcome LNAME.FNAME.ID!
```
Type your smart card PIN.
```
Smart card PIN: nnnnnnnn
```
- If you typed the correct PIN, a "verifying certificate" message displays and you are logged in.
- If you typed the wrong PIN, an error message displays: Error 2320: Wrong smartcard PIN. Type the correct PIN when smart card authentication restarts.
To quit the ssh session, type Control-D.

Copyright © 2002, 2020, Oracle and/or its affiliates.