simple-tpm-pk11
- Links
https://github.com/ThomasHabets/simple-tpm-pk11
https://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly
- Tested on Ubuntu 12.04
- Build
$ sudo apt-get install tpm-tools libtspi-dev libopencryptoki-dev libssl-dev autoconf automake libtool
$ git clone https://github.com/ThomasHabets/simple-tpm-pk11.git
$ cd simple-tpm-pk11
$ sh ./bootstrap.sh
$ ./configure
$ make
$ sudo make install
- Setup
$ tpm_version
$ tpm_takeownership -z
# set your password
$ tpm_changeownerauth -s -r
$ mkdir ~/.simple-tpm-pk11
$ stpm-keygen -o ~/.simple-tpm-pk11/my.key
Modulus size: 256
Exponent size: 3
Size: 2048
Blob size: 559
$ echo key my.key > ~/.simple-tpm-pk11/config
$ echo -e "\nHost *\n PKCS11Provider /usr/local/lib/libsimple-tpm-pk11.so" >> ~/.ssh/config
- Using shell.example.com as an example
$ ssh-keygen -D /usr/local/lib/libsimple-tpm-pk11.so | ssh shell.example.com tee -a .ssh/authorized_keys
$ ssh shell.example.com
# Unless you have an ssh-agent with other keys, this will use the hardware-protected key.
With this, the SSH key used to connect to shell.example.com is stored in and protected by the TPM.
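A post-setup check of the files the steps above create, as an added example that is not part of simple-tpm-pk11 or the original page. The function names `check_stpm_config` and `check_ssh_provider` are hypothetical, and it assumes a relative key name in `config` is resolved against the config directory, as in the setup above.

```bash
#!/bin/bash
# Added example, not part of simple-tpm-pk11: audit the files created in Setup.
# Assumption: a relative key name in "config" is resolved against the config
# directory, as in the steps above (config and my.key side by side).

# check_stpm_config DIR -> 0 if DIR/config names an existing, non-empty key
# blob and neither file is writable by group or others.
check_stpm_config() {
    local dir="$1" name key loose
    [ -f "$dir/config" ] || { echo "missing $dir/config"; return 1; }
    name=$(awk '$1 == "key" { print $2; exit }' "$dir/config")
    [ -n "$name" ] || { echo "no 'key' line in $dir/config"; return 2; }
    case $name in /*) key=$name ;; *) key=$dir/$name ;; esac
    [ -s "$key" ] || { echo "key blob $key missing or empty"; return 3; }
    loose=$(find "$dir/config" "$key" \( -perm -020 -o -perm -002 \) -print)
    [ -z "$loose" ] || { echo "group/world-writable: $loose"; return 4; }
    echo "ok: $key"
}

# check_ssh_provider SSH_CONFIG LIB -> 0 if every PKCS11Provider line in
# SSH_CONFIG names LIB. ssh loads whatever shared library the directive points
# at, so an unexpected path deserves a look. Only the whitespace-separated
# form written by the setup above is parsed.
check_ssh_provider() {
    local cfg="$1" want="$2" got
    [ -f "$cfg" ] || { echo "missing $cfg"; return 1; }
    got=$(awk 'tolower($1) == "pkcs11provider" { print $2 }' "$cfg" | sort -u)
    [ -n "$got" ] || { echo "no PKCS11Provider in $cfg"; return 2; }
    [ "$got" = "$want" ] || { echo "unexpected provider: $got"; return 3; }
    echo "ok: PKCS11Provider $want"
}

# Run against the real paths only when executed with the argument "audit".
if [ "${1:-}" = "audit" ]; then
    check_stpm_config "$HOME/.simple-tpm-pk11"
    check_ssh_provider "$HOME/.ssh/config" /usr/local/lib/libsimple-tpm-pk11.so
fi
```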
- Methods other than TPM
- Using a GNUK Token
SSH with a Gnuk token
http://www.janog.gr.jp/meeting/janog35/index.php/download_file/view/94/202/