Comments (3)
Generally, when doing UX we can't do worse than whateverthefuck PKCS11 is currently doing; https://jade.fyi/blog/tpm-ssh/
from ssh-tpm-agent.
Current idea is to probably just mirror the existing ssh client tooling and rely on the same assumptions.
It turns out that all of the tools query the agent when getting a public key, so we don't actually have to care that much about what we do with our private TPM token.
General idea is as follows:
ssh-add -> ssh-tpm-add
ssh-agent -> ssh-tpm-agent
ssh-keygen -> ssh-tpm-keygen
Keys should have a .tpm_ssh extension.
ssh-tpm-agent
Starts the agent. It accepts a socket location, and a location to search for keys with the .tpm_ssh extension.
tpm-ssh-agent --install-user-units can optionally install systemd services for the given user (maybe).
ssh-tpm-keygen
Creates keys with the same flow as found in ssh-keygen. These files are installed into .ssh/ with id_edsa.pub and id_edsa.tpm_ssh.
ssh-tpm-add
Little bit unsure about the feature list we want, but generally things that are usually not supported by ssh-add. Generally we want the ability to import existing private keys, seal them towards the TPM.
This would allow people to move existing keys from their .ssh dir and seal them towards the TPM.
It should probably also be capable of adding new keys into the existing agent.
from ssh-tpm-agent.
Everything should be included with this change:
from ssh-tpm-agent.
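The design above rests on one observation: every ssh tool learns public keys by asking the agent, so the agent only needs the companion .pub next to each sealed .tpm_ssh file to advertise a key. As an added illustration (not code from ssh-tpm-agent), this is a minimal agent-side handler that discovers keys by that pairing and answers SSH_AGENTC_REQUEST_IDENTITIES, plus the client-side decode; the function names and the zero-filled key blob are constructed for the example.

```python
import base64, struct, tempfile
from pathlib import Path
SSH_AGENT_FAILURE, SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENT_IDENTITIES_ANSWER = 5, 11, 12  # draft-miller-ssh-agent

def ssh_string(b):  # SSH wire 'string': big-endian uint32 length + bytes
    return struct.pack(">I", len(b)) + b

def read_string(buf, pos):
    (n,) = struct.unpack(">I", buf[pos:pos + 4])
    return buf[pos + 4:pos + 4 + n], pos + 4 + n

def discover_keys(keydir):
    """Pair each <name>.tpm_ssh with <name>.pub; only the .pub is ever parsed."""
    ids = []
    for sealed in sorted(Path(keydir).glob("*.tpm_ssh")):
        pub = sealed.with_suffix(".pub")
        if not pub.is_file():
            continue  # sealed key without a companion .pub is not advertised
        fields = pub.read_text().split(None, 2)
        comment = fields[2].strip() if len(fields) > 2 else ""
        ids.append((base64.b64decode(fields[1]), comment))
    return ids

def handle_request(req, ids):
    """Agent side: answer one framed request; only REQUEST_IDENTITIES is served."""
    msg, _ = read_string(req, 0)
    if not msg or msg[0] != SSH_AGENTC_REQUEST_IDENTITIES:
        return ssh_string(bytes([SSH_AGENT_FAILURE]))
    body = bytes([SSH_AGENT_IDENTITIES_ANSWER]) + struct.pack(">I", len(ids))
    for blob, comment in ids:
        body += ssh_string(blob) + ssh_string(comment.encode())
    return ssh_string(body)  # outer framing is the same length prefix

def parse_identities(resp):  # client side: IDENTITIES_ANSWER -> [(key type, comment)]
    msg, _ = read_string(resp, 0)
    (count,) = struct.unpack(">I", msg[1:5])
    out, pos = [], 5
    for _ in range(count):
        blob, pos = read_string(msg, pos)
        comment, pos = read_string(msg, pos)
        out.append((read_string(blob, 0)[0].decode(), comment.decode()))
    return out

def make_sample_keydir():  # constructed fixture: one paired key plus an orphan .tpm_ssh
    d = Path(tempfile.mkdtemp())
    blob = base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(bytes(32))).decode()  # zero-filled, not a real key
    (d / "id_ed25519.pub").write_text(f"ssh-ed25519 {blob} user@host\n")
    (d / "id_ed25519.tpm_ssh").write_bytes(b"<sealed-key-placeholder>")
    (d / "orphan.tpm_ssh").write_bytes(b"")
    return d
```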