putty-cac
win-gpg-agent
putty-cac | win-gpg-agent | |
---|---|---|
12 | 6 | |
451 | 214 | |
- | - | |
6.1 | 6.5 | |
22 days ago | over 1 year ago | |
C | Go | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
putty-cac
-
NIST: Personal Identity Verification (PIV) of Federal Employees and Contractors
PuTTY-CAC was an interesting, although imperfect solution to using PIV/CAC cards together with SSH. I remember piloting it from 2013-2014 at an agency. Back then, it was maintained by Dan Risacher[0]. Nowadays it is maintained on GitHub[1] and adopted some interesting features like FIDO.
[0] https://risacher.org/putty-cac/
[1] https://github.com/NoMoreFood/putty-cac
-
Unix sockets, Cygwin, SSH agents, and sadness
>so I've been working on extending our support for hardware-backed SSH certificates to Windows
Interesting work & I wish him luck. The ability to use hardware SSH certs on Windows has been around for at least a decade now, but it hasn't been a seamless experience.
The other attempt I'm aware of is PuTTY-CAC[0]. The issue with PuTTY-CAC is that the server still needs to be configured to check the certificate against CRLs & PKI infrastructure. Even without that, it is still used in security-conscious organizations, like the US Department of Veteran Affairs [1], for example.
[0] https://github.com/NoMoreFood/putty-cac
[1] https://www.oit.va.gov/Services/TRM/ToolPage.aspx?tid=8714#
- ssh client FIDO2
-
SSH from any computer using FIDO2 resident key, multiple keys and hosts.
Seem like a fork as FIDO Key signing but that's all (https://github.com/NoMoreFood/putty-cac/releases/tag/0.77)
-
Using Yubikey inside RDP Session (Terminal Server)
There is a GitHub Issue by me which may be interesting for you... it is about PuTTY CAC, but maybe you find some useful information in that too.
-
How to secure SSH for Remote connections
If you have smartcards or FIDO2 security keys (Yubikeys), consider using something like PuTTY CAC (https://github.com/NoMoreFood/putty-cac) to provide cheap and easy multi-factor authentication. With FIDO2, specifically, you can force the SSH server to only accept security keys by setting the only allowed authentication method to be [[email protected]](mailto:[email protected]).
-
I have a simple use case: windows ssh to Linux
2) Get an SSH client which works with Windows. I'd like to suggest or a fork based on "Putty SSH" ( https://www.putty.org/ ) called "Putty CAC" (SSH) which as of late May 2022 also supports FIDO2 keys ( citation: https://github.com/NoMoreFood/putty-cac/issues/57 ) ( Site for Putty CAC (ssh): https://github.com/NoMoreFood/putty-cac ) (unlike the main Putty SSH as of July 22, 2022)
-
Single SSH key-pair for my local machine and all my remote servers? Or a custom SSH key-pair for each remote server?
If you want to be safer, look into using WebAuthn/FIDO2 hardware token. OpenSSH supports them since version 8.2, and if you're on Windows, putty-cac added support in the last release.
-
PuTTY CAC (Free, Opensource) FIDO Changes: Help Needed
The development branch for PuTTY CAC that has the FIDO change can be found here.
-
Call For Testers: PuTTY CAC 0.77 Pre-Release (FIDO Support)
For several years, I've been the lead developer for a fork of PuTTY called PuTTY CAC that focuses on 2FA. In addition to utilizing certificate-bound keypairs (via Windows CAPI or a PKCS library), I've recently added support for FIDO2 keys using the WebAuthn functionality in Windows 10+. I tentatively plan on releasing these changes shortly after upstream PuTTY 0.77 is released. The development branch binaries can be found here: putty-cac/binaries at fido_dev_branch · NoMoreFood/putty-cac (github.com).
win-gpg-agent
-
Russhian Roulette: 1/6 chance of posting your SSH private key on pastebin
https://github.com/rupor-github/win-gpg-agent/blob/main/docs...
Don’t forget this diagram of all the agents, protocols and bridges you might hit on Windows.
-
Yubikey + SSH Keys?
For Windows, I've had really good luck with win-gpg-agent.
-
Yubikey SSH authentication via putty & command prompt in windows
I use the `win-gpg-agent` program by "rupor" on Github. You need to set it up to launch on start-up, and disable to built-in Microsoft SSH agent, but after that you can use the YubiKey with PuTTY and the built-in SSH.
-
Authenticating with public key "(none)" from agent
Oh shit, sorry dude, I'm no good with Windows. Maybe try something like https://github.com/rupor-github/win-gpg-agent
- Question about customizing the settings of Yubikey
-
Setting up SSH on a Yubikey 5 NFC
If you don't care about the security of your key-use, and are using a hardware token for some non-security-related reason, you could use something nuts like this (read the disclaimer in the README): https://github.com/rupor-github/win-gpg-agent (Seriously tho, just use PuTTY, like everyone stuck on that OS has since '99: https://developers.yubico.com/PGP/SSH_authentication/Windows.html )
What are some alternatives?
interesting-keys - Interesting collected (leaked) encryption/decryption keys
WinCryptSSHAgent - Using a Yubikey for SSH Authentication on Windows Seamlessly
KiTTY - :computer: KiTTY, a free telnet/ssh client for Windows
yubikey-agent - yubikey-agent is a seamless ssh-agent for YubiKeys.
hiba - HIBA is a system built on top of regular OpenSSH certificate-based authentication that allows to manage flexible authorization of principals on pools of target hosts without the need to push customized authorized_users files periodically.
pinentry-touchid - Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
OpenSC - Open source smart card tools and middleware. PKCS#11/MiniDriver/Tokend
wsl-ssh-agent - Helper to interface with Windows ssh-agent.exe service from Windows Subsystem for Linux (WSL)
BorgBackup - Deduplicating archiver with compression and authenticated encryption.
OmniSSHAgent - Integrated ssh-agent for windows. (pageant compatible. openSSH ssh-agent etc ..)
WindTerm - A professional cross-platform SSH/Sftp/Shell/Telnet/Serial terminal.
generate-secure-pillar - Salt Secure Pillar Tool