putty-cac
PCSC
putty-cac | PCSC | |
---|---|---|
12 | 1 | |
451 | 234 | |
- | - | |
6.1 | 8.7 | |
22 days ago | 1 day ago | |
C | C | |
GNU General Public License v3.0 or later | GNU General Public License v3.0 or later |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
putty-cac
-
NIST: Personal Identity Verification (PIV) of Federal Employees and Contractors
PuTTY-CAC was an interesting, although imperfect solution to using PIV/CAC cards together with SSH. I remember piloting it from 2013-2014 at an agency. Back then, it was maintained by Dan Risacher[0]. Nowadays it is maintained on GitHub[1] and adopted some interesting features like FIDO.
[0] https://risacher.org/putty-cac/
[1] https://github.com/NoMoreFood/putty-cac
-
Unix sockets, Cygwin, SSH agents, and sadness
>so I've been working on extending our support for hardware-backed SSH certificates to Windows
Interesting work & I wish him luck. The ability to use hardware SSH certs on Windows has been around for at least a decade now, but it hasn't been a seamless experience.
The other attempt I'm aware of is PuTTY-CAC[0]. The issue with PuTTY-CAC is that the server still needs to be configured to check the certificate against CRLs & PKI infrastructure. Even without that, it is still used in security-conscious organizations, like the US Department of Veteran Affairs [1], for example.
[0] https://github.com/NoMoreFood/putty-cac
[1] https://www.oit.va.gov/Services/TRM/ToolPage.aspx?tid=8714#
- ssh client FIDO2
-
SSH from any computer using FIDO2 resident key, multiple keys and hosts.
Seem like a fork as FIDO Key signing but that's all (https://github.com/NoMoreFood/putty-cac/releases/tag/0.77)
-
Using Yubikey inside RDP Session (Terminal Server)
There is a GitHub Issue by me which may be interesting for you... it is about PuTTY CAC, but maybe you find some useful information in that too.
-
How to secure SSH for Remote connections
If you have smartcards or FIDO2 security keys (Yubikeys), consider using something like PuTTY CAC (https://github.com/NoMoreFood/putty-cac) to provide cheap and easy multi-factor authentication. With FIDO2, specifically, you can force the SSH server to only accept security keys by setting the only allowed authentication method to be [[email protected]](mailto:[email protected]).
-
I have a simple use case: windows ssh to Linux
2) Get an SSH client which works with Windows. I'd like to suggest or a fork based on "Putty SSH" ( https://www.putty.org/ ) called "Putty CAC" (SSH) which as of late May 2022 also supports FIDO2 keys ( citation: https://github.com/NoMoreFood/putty-cac/issues/57 ) ( Site for Putty CAC (ssh): https://github.com/NoMoreFood/putty-cac ) (unlike the main Putty SSH as of July 22, 2022)
-
Single SSH key-pair for my local machine and all my remote servers? Or a custom SSH key-pair for each remote server?
If you want to be safer, look into using WebAuthn/FIDO2 hardware token. OpenSSH supports them since version 8.2, and if you're on Windows, putty-cac added support in the last release.
-
PuTTY CAC (Free, Opensource) FIDO Changes: Help Needed
The development branch for PuTTY CAC that has the FIDO change can be found here.
-
Call For Testers: PuTTY CAC 0.77 Pre-Release (FIDO Support)
For several years, I've been the lead developer for a fork of PuTTY called PuTTY CAC that focuses on 2FA. In addition to utilizing certificate-bound keypairs (via Windows CAPI or a PKCS library), I've recently added support for FIDO2 keys using the WebAuthn functionality in Windows 10+. I tentatively plan on releasing these changes shortly after upstream PuTTY 0.77 is released. The development branch binaries can be found here: putty-cac/binaries at fido_dev_branch ยท NoMoreFood/putty-cac (github.com).
PCSC
-
Using Yubikey for SSH, always asking for password (Fedora GNOME)
It seems that issues with gpg/pcscd on Fedora have occurred in the past (ref), but the problem is likely more general on systems where pcscd is starting separately for one reason of another (ref1 ref2 ref3).
What are some alternatives?
interesting-keys - Interesting collected (leaked) encryption/decryption keys
libnfc - Platform independent Near Field Communication (NFC) library
KiTTY - :computer: KiTTY, a free telnet/ssh client for Windows
config - Various program configuration files and scripts
win-gpg-agent - [DEPRECATED] Windows helpers for GnuPG tools suite
WSCT-Core - Public repository for WSCT Core project.
hiba - HIBA is a system built on top of regular OpenSSH certificate-based authentication that allows to manage flexible authorization of principals on pools of target hosts without the need to push customized authorized_users files periodically.
void-packages - The Void source packages collection
OpenSC - Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend
hydrafw - HydraBus HydraFW official firmware for open source multi-tool for anyone interested in learning/developping/debugging/hacking/Penetration Testing for basic or advanced embedded hardware
BorgBackup - Deduplicating archiver with compression and authenticated encryption.
WindTerm - A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.