[Pcsclite-muscle] Best way to remotely use smart card?
D Ducky
suffsuccotash at gmail.com
Sun Nov 12 19:25:02 PST 2023
https://p11-glue.github.io/p11-glue/p11-kit/manual/remoting.html
Ok, the difference here is the remote server is where the card is. The
local machine is sshing/vncing into the remote server, where the smart
card is present in the reader.
On 11/12/23 20:59, David Woodhouse wrote:
> On Sun, 2023-11-12 at 20:45 -0600, D Ducky wrote:
>> Hello,
>>
>> I have two machines with Fedora 39.
>>
>>
>> I now use remmina for vnc+ssh to remotely access my machine.
>>
>> The remote machine is colocated in the same building as the client
>> machine. The remote machine has the card reader, and the card.
>>
>> However, with remmina, I have no option to enable smart card access, or
>> whatever. So despite the host remote machine having the card in the
>> smart card reader, and it working fine when at that machine, when I
>> access it through remmina, vnc+ssh, it acts as though there is no card
>> in the smart card reader.
>>
>> What is the best way to accomplish what I am trying to do here? I want
>> to be able to access websites through vnc+ssh or something like that
>> using the host's smart card certificates.
> Assuming you're using the remote token via PKCS#11, you can use p11-kit
> remote access. On the local machine, create a file named something like
> ~/.config/pkcs11/modules/remote.conf containing the following:
>
> remote:|ssh remotemachine p11-kit remote /usr/lib64/pkcs11/opensc-pkcs11.so
>
> Set the 'remotemachine' name correctly of course, and use the right
> PKCS#11 provider (or maybe p11-kit-proxy.so).
>
> Then the remote token should show up automatically in every application
> which uses PKCS#11.
>
> cf. https://p11-glue.github.io/p11-glue/p11-kit/manual/remoting.html
More information about the pcsclite-muscle
mailing list