Support for proxying access to smartcards using p11-kit and SSH socket forwarding #135

Open
catfish4254 opened this issue Jul 16, 2024 · 2 comments

Comments

@catfish4254

Support for proxying access to smartcards. However, this requires the presence of p11-kit and SSH socket forwarding support on the client side. Needed for PKINIT enforcement in order for AD users to be issued a PKINIT Kerberos TGT from a FreeIPA realm in a remote connection scenario. The SSH connection is initiated from PuTTY CAC to a RHEL workstation.

p11-kit:
https://www.redhat.com/en/blog/smart-card-forwarding-fedora

Windows builds of p11-kit are part of both Cygwin and MSYS2:

Cygwin:
https://cygwin.com/cygwin/packages/summary/p11-kit-src.html

MSYS2:
https://packages.msys2.org/base/p11-kit

Various SSH clients for Windows do support socket forwarding over SSH.

macOS versions of p11-kit are available from multiple sources (MacPorts, Homebrew, etc).

@NoMoreFood
Owner

This looks like a pretty heavy lift both in a development sense and a test environment. Do you know of any SSH client on Windows (paid or free) that is currently capable of doing this?

@catfish4254
Author

catfish4254 commented Jul 17, 2024

So I believe that Win32-OpenSSH supports socket forwarding. As for p11-kit, I have only seen it in Cygwin and MinGW, which are Windows projects.

MinGW-w64
Cygwin

This article gives a great overview of how this is implemented by the user.

https://www.redhat.com/en/blog/smart-card-forwarding-fedora

Thank you for taking the time to respond.
