[Pcsclite-muscle] Best way to remotely use smart card?
David Woodhouse
dwmw2 at infradead.org
Sun Nov 12 18:59:31 PST 2023
On Sun, 2023-11-12 at 20:45 -0600, D Ducky wrote:
> Hello,
>
> I have two machines with Fedora 39.
>
>
> I now use remmina for vnc+ssh to remotely access my machine.
>
> The remote machine is colocated in the same building as the client
> machine. The remote machine has the card reader, and the card.
>
> However, with remmina, I have no option to enable smart card access, or
> whatever. So despite the host remote machine having the card in the
> smart card reader, and it working fine when at that machine, when I
> access it through remmina, vnc+ssh, it acts as though there is no card
> in the smart card reader.
>
> What is the best way to accomplish what I am trying to do here? I want
> to be able to access websites through vnc+ssh or something like that
> using the host's smart card certificates.
Assuming you're using the remote token via PKCS#11, you can use p11-kit
remote access. On the local machine, create a file named something like
~/.config/pkcs11/modules/remote.conf containing the following:
remote:|ssh remotemachine p11-kit remote /usr/lib64/pkcs11/opensc-pkcs11.so
Set the 'remotemachine' name correctly of course, and use the right
PKCS#11 provider (or maybe p11-kit-proxy.so).
Then the remote token should show up automatically in every application
which uses PKCS#11.
cf. https://p11-glue.github.io/p11-glue/p11-kit/manual/remoting.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5965 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/pcsclite-muscle/attachments/20231112/e8d909ea/attachment.p7s>
More information about the pcsclite-muscle
mailing list