PuTTY SC: A Free SSH Client with Smartcard Support
The Original PuTTY
PuTTY SC is a free implementation of SSH for Win32 platform.
The latest version (SC-25) is based on PuTTY 0.60
This modified version of PuTTY supports RSA keys held on a smartcard or usb token for authentication.
The interface is based on PKCS #11 and you need the appropriate library (.dll) of the
manufacturer of your smartcard in order to use PuTTY SC.
|SC-25 (PuTTY 0.60) Binary for Windows 95, 98, ME, NT, 2000 and XP on Intel x86|
Note: A further enhanced version (also supporting MS-CAPI) is PuTTY CAC.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED
TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
PASCAL BUCHBINDER BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
Use the "Pkcs11" panel to configure PuTTY SC for smartcard usage.
Note: these settings are used by the SSH agent as well.
'Use Windows event log'
Writes log messages to the Windows event log too. This might be helpful for debugging.
'Attempt PKCS#11 smartcard auth (SSH-2)'
This option is used to enable smartcard authentication in general.
'PKCS#11 library for authentication'
Specify the necessary library (.dll) to access your smartcard. It is usually stored in the win32 directory, e.g.
C:\WINDOWS\system32\eTpkcs11.dll for the Aladdin eToken,
cvP11.dll for the Post SuisseID, or
dkck232.dll for the Rainbow iKey.
If you don't know the name of the library, you may want to use this command line tool which tries to search for the .dll file on your workstation. You may need to run the tool several times since it may crash when opening some of the systems libraries.
Specify the name of your smartcard. It's the same name you usually see when getting prompted to enter the password when accessing the smartcard for cryptographic operations, e.g. when signing email.
The label given to the certificate corresponding to the private and public key you want use for authentication.
Export the Public Key
You must store your public key in the
$HOME/.ssh/authorized_keys2 file on the server. The public key can be exported via the event log of PuTTY (it's written as a base64 encoded string to the event log when connecting to the server). Just copy/past this string.
It should look like '
ssh-rsa AAAAB3NzaC1yc2EAAAA.....ZHkknlDE7jhQ== token-key'.
You may also use this tool in order to get a list of all keys on your token.
The agent uses the stored sessions (created when using PuTTY SC) from the Windows registry to detect a usable key. The first key available on the smartcard is loaded into the agent key store (the current version only supports one active key). The agent can be used with some other SSH clients as well, e.g. WinSCP.
The source code of PuTTY SC is available under the GPL license. The archive includes the main source files of PuTTY SC as well as several patch files.
© 2005-2008, Pascal Buchbinder