Win32-OpenSSH
yubikey-agent
Win32-OpenSSH | yubikey-agent | |
---|---|---|
48 | 15 | |
7,126 | 2,568 | |
1.4% | - | |
6.2 | 0.0 | |
4 months ago | 5 months ago | |
Go | ||
- | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Win32-OpenSSH
-
Windows NT 3.1 on Dec Alpha AXP
A request for an official answer on CALs for Microsoft's SSH port is about to turn 6 years old:
https://github.com/PowerShell/Win32-OpenSSH/issues/926
-
Has anyone ever used ssh and ansible to manage a bunch of windows boxes?
I have automated some things "normally" on Windows successfully after installing OpenSSH-win32; https://github.com/PowerShell/Win32-OpenSSH/releases
- How to use SoloKey for SSH in Windows 11?
-
ssh client FIDO2
Are there any other ssh clients that support FIDO2 on windows besides Win32-OpenSSH?
- Modifying used KexAlgorithms on Windows SSH/SFTP server
- Started at a role 6 months ago. Have today been informed that our FTP server used daily by many is not even TLS 1.0 protected. Send help.
-
Experience with ssh git commit signing with Yubikey Bio?
If you're on windows, you need openssh 8.9 to use fido for ssh. https://github.com/PowerShell/Win32-OpenSSH/releases/tag/v8.9.1.0p1-Beta
-
Set up an SFTP server on Windows
Unlike Linux, Windows does not come with any tools for setting up an SFTP server. Even FileZilla Server, one of the most popular programs for setting up an FTP server, doesn't support SFTP out of the box. So, are there any other ways to set up an SFTP server on Windows? Yes, of course. OpenSSH is a suite of programs for establishing secure connections to the server. sftp-server is one of the utility programs provided by OpenSSH, so this article will walk you through how to set up an SFTP server on Windows using OpenSSH. Originally, OpenSSH was only available on Linux, but Microsoft has ported it to Windows, so you can now use OpenSSH by downloading the zip file from here.
-
Win32-OpenSSH port forwarding
It is mentioned in Win32-OpenSSH's scope that it does not support "VPN Forwarding". Is it the same thing as local/remote port forwarding (ssh -L, and ssh -R)? Can I forward ports to and from Windows with Win32-OpenSSH installed on both client and server?
-
Which option to use: OpenPGP, PIV, FIDO2(-sk keys)
So, personally, I haven't been able to get FIDO2 keys to work at all on Windows, but I didn't try very hard because I'm set up just fine with GPG for SSH. Apparently there have been a few bugs reported (ref, and linked issue).
yubikey-agent
-
Show HN: SSH-tpm-agent – SSH agent for TPMs
This is a great idea. I now exclusively use SSH keys on hardware security modules of some kind. I use "Secretive", a mac app that does the same, plus a yubikey using yubikey-agent (https://github.com/FiloSottile/yubikey-agent; there are too many complicated ways to use SSH keys with a yubikey; this is one of the friendliest ones). Depending on the security and frequency of which I access the service impacts whether I need presence confirmation or use secretive versus the yubikey.
I would be remiss to mention there are existing SSH TPM projects, not sure how this one differentiates. It seems to at least have the user experience pretty simple, similar to yubikey-agent (and secretive), and unlike some of the existing solutions which have quite a few extra steps:
-
Secretive: Store SSH Keys in the Secure Enclave
Also check out https://github.com/FiloSottile/yubikey-agent which simplifies the setup quite a bit.
-
Yubikey ssh keys with Ansible, wants to be touched constantly
I'm using it on nixOS and macOS, via Nix Packages and Homebrew respectively. It's this - https://github.com/FiloSottile/yubikey-agent I'm realizing from this thread that it's not an official package. I'll go closer to the source with ykman. Thanks!
-
Is it possible to use AGE with a Ledger hardware device?
I think the Ledger Manager only interfaces with the GPG and SSH agents, neither of which age takes advantage of. But age does have support for Yubikeys (see https://github.com/FiloSottile/yubikey-agent). If you can interface with the Ledger hardware device as a Yubikey, this might work. I don't have experience here, just a thought.
-
Cloudflare Hardware Keys (Yubico Partnership)
You can use PIV for SSH just fine.
It's not OpenSSH's weird FIDO mode, but I don't like the FIDO mode anyway because it requires storing a file on the computer.
https://github.com/FiloSottile/yubikey-agent
-
Am I the only one who's nervous when SSH-agent forwarding?
I have the same concern. I modified Pageant (Windows agent) so that it prompts me before signing anything which helps ease my mind, I only approve when I know I'm connecting to a new server. There are also options like requiring a Yubikey too (https://github.com/FiloSottile/yubikey-agent)
-
Failed to fetch key with ECDSA keys via libykcs11.dll
Aging MBP, Intel based, Monterey 12.3.1 uname -v Darwin Kernel Version 21.4.0: Fri Mar 18 00:45:05 PDT 2022; root:xnu-8020.101.4~15/RELEASE_X86_64 brew info yubikey-agent yubikey-agent: stable 0.1.5 (bottled), HEAD Seamless ssh-agent for YubiKeys and other PIV tokens https://filippo.io/yubikey-agent /usr/local/Cellar/yubikey-agent/0.1.5 (7 files, 4.8MB) * ...
-
How to Store an SSH Key on a Yubikey
Unless I've missed something, SSH keys stored on Yubikeys are still hampered because you aren't allowed to set a touch policy of "touch never".
Imagine needing to touch the Yubikey with each "git pull" or using Ansible to operate over SSH on a dozen servers in parallel, and needing to touch the Yubikey once for each server.
The feature request I'm tracking is here: https://github.com/FiloSottile/yubikey-agent/issues/95
The proposed feature would allow setting a touch policy for the SSH key.
- FreeBSD SSH Hardening
-
Yubikey PIV encrypted messaging system
If you can do ssh, you can sign messages: https://github.com/FiloSottile/yubikey-agent
What are some alternatives?
openssh-portable - Portable OpenSSH, all Win32-OpenSSH releases and wiki are managed at https://github.com/powershell/Win32-OpenSSH
wsl-ssh-agent - Helper to interface with Windows ssh-agent.exe service from Windows Subsystem for Linux (WSL)
windows-fido-bridge - An OpenSSH SK middleware that allows you to use a FIDO/U2F security key (e.g. a YubiKey) to SSH into a remote server from WSL or Cygwin.
aws-vault - A vault for securely storing and accessing AWS credentials in development environments
wsl2-ssh-pageant - bridge between windows pageant and wsl2
authelia - The Single Sign-On Multi-Factor portal for web apps
madaidans-insecurities.github.io
age-plugin-yubikey - YubiKey plugin for age
sshfs-win - SSHFS For Windows
win-gpg-agent - [DEPRECATED] Windows helpers for GnuPG tools suite
Windows Terminal - The new Windows Terminal and the original Windows console host, all in the same place!
ssh-audit - SSH server & client security auditing (banner, key exchange, encryption, mac, compression, compatibility, security, etc)