openssh-sk-winhello
bless
openssh-sk-winhello | bless | |
---|---|---|
7 | 6 | |
181 | 2,729 | |
- | 0.2% | |
0.0 | 0.0 | |
over 1 year ago | 9 months ago | |
C | Python | |
GNU Lesser General Public License v3.0 only | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
openssh-sk-winhello
-
Use TouchID to Authenticate Sudo on macOS
For Windows, it seems it's possible[0, see footnote], however there are problems like general incompatibilities [1], and official support status is " We have this in our backlog. At this point it's not prioritized.".
0: https://github.com/tavrez/openssh-sk-winhello
0.footnote: "Windows Hello also supports other types of authenticators like internal TPM device(if they support generating ECDSA or Ed25519 keys, they can be used instead of FIDO/U2F security keys)."
1: https://github.com/tavrez/openssh-sk-winhello/issues
2: https://github.com/PowerShell/Win32-OpenSSH/issues/1804#issu...
-
Hardening SSH
Awesome article! Also found this tool (tavrez/OpenSsh-sk-winhello) for windows that lets you do this without admin access
-
[QUESTION] Is there a best way to manage multiple SSH on multiple Yubikeys?
Which is also how they are generated when retrieving them on a new computer via ssh-keygen -K since I used the application=ssh:yubikey_5 flag when first generating them. So something like ssh-keygen -t ed25519-sk -O resident -O application=ssh:yubikey_5c, but because I am on Windows I also had the -w winhello.dll flag (In case anyone stumbles on this question)
-
Using Yubikey FIDO with ssh-agent on macOS?
This is what i used but YMMV https://github.com/tavrez/openssh-sk-winhello/releases/tag/v2.0.0
-
Tell HN: GitHub no longer supporting unauthenticated `git://`
> Because AFAIK, (Fido) yubikey support is still missing.
Correct, hopefully Microsoft will provide an updated SSH client soon. It only requires recompiling OpenSSH with the correct flags.
Alternatively, use these build instruction for openssh with FIDO for windows:
https://gist.github.com/martelletto/6a7cf806c6433ac9ce71d66a...
> Using either the PKCS#11 support or the gpg applet requires some extra piece of software
For those wanting to do that, here are some ways:
Using a premade dll:
https://github-wiki-see.page/m/mooltipass/minible/wiki/Setti...
Or with a middleware:
https://github.com/mgbowen/windows-fido-bridge
Using the Hello API:
https://github.com/tavrez/openssh-sk-winhello
Given how many people came with their own ways, I believe there's enough demand for Microsoft to fix that.
- Unable to generate ssh sk keys on Windows 10
-
How often should I rotate my SSH keys?
My knowledge of WebAuthn is limited but their invocation of the relevant API seems like it should work for fingerprints also.
[1] https://github.com/tavrez/openssh-sk-winhello
bless
-
What are SSH Certificate Authority solutions?
In the quick search I learned about ssh cert authority which looks very manual and also like a dead project smallstep's step-ca who put together very nice article about how to begin certificate authority process Netflix' BLESS is AWS only Cashier which also looks quite ok
-
What is the best way to manage SSH identities and access on scale?
NETFLIX BLESS - Bastion's Lambda Ephemeral SSH Service
- Has anyone here heard of the term “infrastructure access platform” or StrongDm or Teleport?
- Cryptojacking Attacks Continue To Target SSH Servers
- How often should I rotate my SSH keys?
-
Why SSH certificates are awesome
3. BLESS - By Netflix
What are some alternatives?
libfido2 - Provides library functionality for FIDO2, including communication with a device over USB or NFC.
certificates - 🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
windows-fido-bridge - An OpenSSH SK middleware that allows you to use a FIDO/U2F security key (e.g. a YubiKey) to SSH into a remote server from WSL or Cygwin.
the-bastion - Authentication, authorization, traceability and auditability for SSH accesses.
wsl2-ssh-pageant - bridge between windows pageant and wsl2
cashier - A self-service CA for OpenSSH
secretive - Store SSH keys in the Secure Enclave
keymaster - Short term certificate based identity system (ssh/x509 ca + openidc)
sekey - Use Touch ID / Secure Enclave for SSH Authentication!
streamalert - StreamAlert is a serverless, realtime data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using datasources and alerting logic you define.
Win32-OpenSSH - Win32 port of OpenSSH