Mac and Linux user, I'd love to fix this, but I haven't done so. It to lose the cross-platform nature of the original PuTTY.
Windows-specific code (for loading the PKCS#11 library) which causes PuTTY SC, upon which PuTTY-CAC is based, includes some Public keys from certificates on the card if the public key is not PuTTY-CAC is based on PuTTY SC, but adds the capability to extract Public certificates include public keys,īut the implementation in PuTTY SC will not extract those public Private keys and public certificates, but does not include public The DoD CAC program issues tokens that include Namely, that the smartcard contains the public key as an PuTTY SC is pretty cool too, but the implementation makes aĬritical assumption about the smartcard that isn't always true: The manufacturer of your smartcard in order to use PuTTY SC. Is based on PKCS #11 and you need the appropriate library (.dll) of Held on a smartcard or usb token for authentication. This modified version of PuTTY supports RSA keys Implementation of SSH for Win32 platform. PuTTY is great, but I thought it would be cooler if it could use PKI Is written and maintained primarily by Simon Tatham. Win32 and Unix platforms, along with an xterm terminal emulator.
PuTTY is a free implementation of Telnet and SSH for Please email me with others if you learn them. Thanks to Eric Johnson at Imperial CollegeĬoolkey build from will work, but the dialog box makes it look like it doesn't (As of. I put a workaround in the experimental version to fix this, but it doesn't work if there are multiple card readers. Label, once you've set the PKCS#11 library.ĪctivClient generates Token labels on-the-fly. NetSign seems to do a good job finding the Token label and Certificate Labels corresponding to the PKCS#11 middlewares were: In my testing, the PKCS#11 library files, Token labels, and Certificate It should look like' ssh-rsa AAAAB3NzaC1yc2EAAAA.ZHkknlDE7jhQ= In addition to the "SSH Keystring" box in the user interface, the public key can be exported via the event log of PuTTY (it's written as a base64 encoded string to the event log when connecting to the server). Unfortunately, some PKCS#11 middleware does not work well with this dialog, and the configuration dialog does not work properly. You must store your public key in the $HOME/.ssh/authorized_keys file on the server. Label given to the certificate corresponding to the private and public
It's the same name you usually see when getting prompted toĮnter the password when accessing the smartcard for cryptographic Necessary library (.dll) to access your smartcard.
Instead, download an older release of 0.62 which has support for PKCS11. If you need to use PKCS11, then DO NOT DOWNLOAD ANY OF THESE VERSIONS. However, CAPI support is still functional. WARNING: The PKCS11 API originally from PuTTY-SC has been removed from all applications in this PuTTY-CAC Suite due to complications Josh was having with the code. : Josh Dantzler has updated PuTTY-CAC to be synchronized with PuTTY-0.65. I believe these are fixed by the patchset. : The version Josh published had some bugs that made the CAPI support mostly broken. : PuTTY-CAC has been updated to sync with PuTTY Since I have been slow in merging the upstream, I recommend that users of PuTTY-CAC pull from his repository:
: Bryan Berns, with help from and has updated PuTTY-CAC to sync with the upstream PuTTY 0.68. Smartcard authentication, particularly using the US Department ofĭefense Common Access Card (DoD CAC) as a PKI token. PuTTY-CAC PuTTY-CAC PuTTY-CAC is an open-source SSH client for Windows that supports