SSH¶
You can use NetHSM for SSH authentication. You need to pass the PKCS#11 module path in the command line or the SSH configuration.
ssh -I /usr/lib/x86_64-linux-gnu/pkcs11/libnethsm_pkcs11.so user@host
Host example.com
PKCS11Provider /usr/lib/x86_64-linux-gnu/pkcs11/libnethsm_pkcs11.so
Note
You can also set up SSH to use the NetHSM by default. To do so, add the following lines to your ~/.ssh/config
file:
Host *
PKCS11Provider /usr/lib/x86_64-linux-gnu/pkcs11/libnethsm_pkcs11.so
SSH will search for a key on the NetHSM that is accepted by the server.
To list the keys of a NetHSM in a SSH authorized_keys
format, use the following command:
ssh-keygen -D /usr/lib/x86_64-linux-gnu/pkcs11/libnethsm_pkcs11.so -e