- You can put "PKCS11Provider /usr/lib...." in your .ssh/config file (even tied to a specific Host block) to make it load the module automatically instead of having to use an argument every time you run ssh/sftp/scp/etc.
- For windows, putty-cac works well with the built-in smartcard/crypto API (CAPI), even on machines where you don't have administrative access (like my work machine). It even has its own version of pageant, so it'll work with tools like WinSCP as well.
Yep, putty cac works very nice. The only downside I found compared to gpg agent is that cac does not forget PIN when the card is removed (gpg agent does that and I like it).
- You can put "PKCS11Provider /usr/lib...." in your .ssh/config file (even tied to a specific Host block) to make it load the module automatically instead of having to use an argument every time you run ssh/sftp/scp/etc.
- For windows, putty-cac works well with the built-in smartcard/crypto API (CAPI), even on machines where you don't have administrative access (like my work machine). It even has its own version of pageant, so it'll work with tools like WinSCP as well.
https://risacher.org/putty-cac/ https://github.com/NoMoreFood/putty-cac/releases