AutoIt
AutoIt
SSH Authenticate using Smart Card Private Key
See more SSH Examples
Demonstrates how to use a private key stored on an HSM (smartcard or token) for SSH public-key authentication. (Public-key authentication means the client, which is your application, uses the private key, while the corresponding public key is installed on the server under your SSH account.)Note: This example requires Chilkat v9.5.0.96 or later.
Chilkat AutoIt Downloads
Local $bSuccess = False
; This example requires the Chilkat API to have been previously unlocked.
; See Global Unlock Sample for sample code.
; Note: Chilkat's PKCS11 implementation runs on Windows, Linux, Mac OS X, and other supported operating systems.
$oPkcs11 = ObjCreate("Chilkat.Pkcs11")
; Use the PKCS11 driver (.dll, .so, .dylib) for your particular HSM.
; For example:
$oPkcs11.SharedLibPath = "C:/Program Files (x86)/Gemalto/IDGo 800 PKCS#11/IDPrimePKCS11.dll"
; Use your HSM's PIN.
Local $sPin = "0000"
; Normal user = 1
Local $iUserType = 1
; Establish a logged-on user session with the HSM.
$bSuccess = $oPkcs11.QuickSession($iUserType,$sPin)
If ($bSuccess = False) Then
ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
Exit
EndIf
; Provide a template to find a PKCS11 object.
$oJsonTemplate = ObjCreate("Chilkat.JsonObject")
; Find an RSA private key with the label "MySshKey".
; Here's an example of how the key was originally imported:
; PKCS11 Import SSH Key
$oJsonTemplate.UpdateString("class","private_key")
$oJsonTemplate.UpdateString("key_type","rsa")
$oJsonTemplate.UpdateString("label","MySshKey")
Local $iPrivKeyHandle = $oPkcs11.FindObject($oJsonTemplate)
If ($iPrivKeyHandle = 0) Then
ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
Exit
EndIf
; The private key handle is only valid during the PKCS11 session.
; If you wish to use the private key in another PKCS11 session,
; you'll first need to find it. See:
ConsoleWrite("private key handle: " & $iPrivKeyHandle & @CRLF)
; We'll also need the PKCS11 public key handle
; Modify the template by updating the "class" to "public_key"
$oJsonTemplate.UpdateString("class","public_key")
Local $iPubKeyHandle = $oPkcs11.FindObject($oJsonTemplate)
If ($iPubKeyHandle = 0) Then
ConsoleWrite($oPkcs11.LastErrorText & @CRLF)
Exit
EndIf
ConsoleWrite("public key handle: " & $iPubKeyHandle & @CRLF)
; Create an empty SSH key object, and tell it to use the PKCS11 handles.
; We also need to indicate the key type.
$oSshKey = ObjCreate("Chilkat.SshKey")
$bSuccess = $oSshKey.UsePkcs11($oPkcs11,$iPrivKeyHandle,$iPubKeyHandle,"rsa")
If ($bSuccess = False) Then
ConsoleWrite($oSshKey.LastErrorText & @CRLF)
Exit
EndIf
; Create an SSH object and authenticate using the SSH key, which will utilize the existing PKCS11 session.
$oSsh = ObjCreate("Chilkat.Ssh")
$bSuccess = $oSsh.Connect("my-ssh-server.com",22)
If ($bSuccess = False) Then
ConsoleWrite($oSsh.LastErrorText & @CRLF)
Exit
EndIf
; This is where the PKCS11 private key on the smart card is used.
$bSuccess = $oSsh.AuthenticatePk("your_ssh_username",$oSshKey)
If ($bSuccess = False) Then
ConsoleWrite($oSsh.LastErrorText & @CRLF)
Exit
EndIf
; Do whatever it is your app needs to do using the authenticated SSH session....
; ...
; ...
$oSsh.Disconnect
$oPkcs11.Logout()
$oPkcs11.CloseSession()