sekey
stateless-workstation-config
sekey | stateless-workstation-config | |
---|---|---|
4 | 1 | |
2,429 | 22 | |
0.4% | - | |
0.0 | 6.4 | |
over 1 year ago | 3 months ago | |
Rust | Jinja | |
MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
sekey
- Use TouchID to Authenticate Sudo on macOS
-
Apple/Google/Microsoft to accelerate rollout of passwordless sign‑in standard
> relaying auth requests to your phone for approval and storing secrets in the Secure Enclave
Like https://github.com/kryptco/kr [key stored in a [...] mobile app]?
Also, newer Macs have a Secure Enclave (supports 256-bit secp256r1 ECC keys):
https://github.com/maxgoedjen/secretive [storing and managing SSH keys in the Secure Enclave [...] or a Smart Card (such as a YubiKey)]
https://github.com/sekey/sekey [Use Touch ID / Secure Enclave for SSH Authentication!]
- Use Touch ID for Sudo on Mac
-
How often should I rotate my SSH keys?
Similar to the recommendations to use a YubiKey/hardware token, SeKey on a Mac lets you use a key generated in the Secure Enclave in an unexportable form (https://github.com/sekey/sekey)
stateless-workstation-config
-
How often should I rotate my SSH keys?
> An even more robust approach is to use some kind of hardware token that can sign short-lived ssh keys, and teach all your servers how to deal with those. That’s neat, but it’s hard to deploy (needs custom ssh settings).
Ahem, no. I use Yubikeys for a few years now. They are literally braindead to use, and works out of the box in recent Ubuntu. Here is an Absible role to get started: https://github.com/cristiklein/stateless-workstation-config/...
Stop making excuses and start protecting your SSH keys!
Disclaimer: I'm not compensated in any way by Yubico, but their product is so darn good that I really want people to start using it.
What are some alternatives?
secretive - Store SSH keys in the Secure Enclave
WSL-Hello-sudo - Let's sudo by face recognition of Windows Hello on Windows Subsystem for Linux (WSL). It runs on both WSL 1 and WSL 2. This is a PAM module for Linux on WSL.
bless - Repository for BLESS, an SSH Certificate Authority that runs as a AWS Lambda function
pam-watchid - PAM plugin module that allows the Apple Watch to be used for authentication
sharkey - Sharkey is a service for managing certificates for use by OpenSSH
openssh-sk-winhello - A helper for OpenSSH to interact with FIDO2 and U2F security keys through native Windows Hello API
sudo-touchid - A fork of `sudo` with Touch ID support.
webauthn - Web Authentication: An API for accessing Public Key Credentials
WinCryptSSHAgent - Using a Yubikey for SSH Authentication on Windows Seamlessly