[Pcsclite-muscle] Best way to remotely use smart card?
Ludovic Rousseau
ludovic.rousseau at gmail.com
Mon Nov 13 08:42:57 PST 2023
Le lun. 13 nov. 2023 à 16:41, David Woodhouse <dwmw2 at infradead.org> a écrit :
>
> On 13 November 2023 10:37:09 GMT-05:00, Lew Wolfgang <wolfgang at sweet-haven.com> wrote:
> >On 11/13/23 05:51, Douglas E Engert wrote:
> >> Another approach which may not by available or is not what you want, is to use some Remote Desktop application
> >> so the user has the card with them, but server can access it for login and/or after login. Windows RDC can do this.
> >
> >Is this sort of thing possible with a Linux client and server? Remmina on the
> >client, xrdp on the server? Smartcard on the client.
>
> I showed how to forward the smart card from one host to another. Using that example you'd need to SSH back from the "server" to the "client" though.
You can do the redirection at the PKCS#11 level as David suggested.
You can also do the redirection at the PC/SC level.
See https://blog.apdu.fr/posts/2022/02/one-smart-card-reader-accessible-from/
> Separately, I think Remmina does have support for forwarding a local smart card to the remote host, at least for Windows/RDP. Hooking that up to the RDP server on the "remote" so that it appears automatically as a p11-kit module shouldn't be hard.
It looks like RDP servers on GNU/Linux are not yet ready for smart card use.
I am working with xrdp team (and others) to provide a solution. See
https://github.com/LudovicRousseau/PCSC/issues/161
Bye
--
Dr. Ludovic Rousseau
More information about the pcsclite-muscle
mailing list